Select the Agent tab to define the agent configuration settings. The GlobalProtect portal deploys the configuration to the device after the connection is first established.

You can also specify that the portal automatically deploy trusted root certificate authority (CA) certificates and intermediate certificates. If the endpoints do not trust the server certificates that the GlobalProtect gateways and GlobalProtect Mobile Security Manager are using, the endpoints need these certificates to establish HTTPS connections to the gateways or Mobile Security Manager. The portal pushes the certificates you specify here to the client along with the client configuration.

To add a trusted root CA certificate, Add an existing certificate or Import a new one. To install (transparently) the trusted root CA certificates that are required for SSL Forward Proxy decryption in the certificate store on the client, select Install in Local Root Certificate Store.

If you have different types of users that require different configurations, you can create separate agent configurations to support them. The portal subsequently uses the user or group name and OS of the client to determine the agent configuration to deploy. As with security rule evaluations, the portal looks for a match, starting from the top of the list. When the portal finds a match, it delivers the corresponding configuration to the app. Therefore, if you have multiple agent configurations, it is important to order them so that more specific configurations (configurations for specific users or operating systems) are above the more generic configurations. Use Move Up and Move Down to reorder the configurations. As needed, Add a new agent configuration. For detailed information on configuring the portal and creating agent configurations, refer to GlobalProtect Portals in the GlobalProtect Administrator’s Guide. When you Add a new agent configuration or modify an existing one, the Configs window opens and displays five tabs, which are described in the following tables: