End-of-Life (EoL)

Deploy App Settings in the Windows Registry

You can enable deployment of GlobalProtect app settings to Windows endpoints prior to their first connection to the GlobalProtect portal by using the Windows Registry. Use the options described in the following table to use the Windows Registry to customize app settings for Windows endpoints.
In addition to using the Windows Registry to deploy GlobalProtect app settings, you can enable the GlobalProtect app to collect specific Windows Registry information from Windows endpoints. You can then monitor the data and add it to a security rule to use as matching criteria. Endpoint traffic that matches registry settings you define can be enforced according to the security rule. Additionally, you can set up custom checks to Collect Application and Process Data From Endpoints.
  1. Locate the GlobalProtect app customization settings in the Windows Registry.
    Open the Windows Registry (enter
    on the command prompt) and go to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\
  2. (
    ) Predeploy the portal name.
    If you do not want the end user to manually enter the portal address even for the first connection, you can pre-deploy the portal address through the Windows Registry.
    1. In the Window Registry, go to:
      HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\PanSetup
    2. Right-click
      and then select
    3. Enter the portal name in the
      Value data
      field, and then click
  3. (
    ) Predeploy the gateway name and gateway address.
    If you want to use a specific gateway name and gateway address for the first connection, you can pre-deploy the gateway name and gateway address through the registry. You can configure:
    • Preferred gateway—In the
      \HKEY_CURRENT_USER\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\<portal>
      folder, right-click
      and modify the value.
    • Preferred gateway address—In the
      \HKEY_CURRENT_USER\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\<portal>
      folder, right-click
      and modify the value.
  4. Predeploy the preferred IP.
    If you want to use the same IP address from the assigned IP pool to connect to the GlobalProtect gateway, you can pre-deploy the preferred IP address through the registry.
    In the
    HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\PanMSService
    folder, right-click
    and modify the preferred IP address.
  5. Deploy various settings to the Windows endpoint, including the connect method for the GlobalProtect app and single sign-on (SSO).
    View Customizable App Settings for a full list of the commands and values you can set up using the Windows Registry.
  6. Enable the GlobalProtect app to wrap third-party credentials on the Windows endpoint, allowing for SSO when using a third-party credential provider.

Recommended For You