GlobalProtect Portals Agent Config Selection Criteria Tab
- NetworkGlobalProtectPortals<portal-config>Agent<agent-config>Config Selection Criteria
Select the
Config Selection Criteria
tab
to configure the matching criteria used to identify the endpoint
type in deployments with both managed and unmanaged endpoints. The portal
can push specified configurations to the endpoint based on the endpoint
type.GlobalProtect Portal
Config Selection Criteria Settings | Description |
---|---|
User/User Group tab | |
OS | Add one or more endpoint
operating system (OS) to specify which endpoints receive this configuration.
The portal automatically learns the OS of the endpoint and incorporates
details for that OS in the client configuration. You can select Any OS
or a specific OS (Android , Chrome , iOS , IoT , Linux , Mac , Windows ,
or WindowsUWP ). |
User/User Group | Add the specific users
or user groups to which this configuration applies.You
must configure group mapping ( Device User Identification Group Mapping Settings To deploy this configuration
to all users, select any from the User/User
Group drop-down. To deploy this configuration only to users
with GlobalProtect apps in pre-logon mode, select pre-logon from
the User/User Group drop-down. |
Device Checks | |
Machine account exists with device serial number | Configure matching criteria based on whether
the endpoint serial number exists in the Active Directory. The serial
number check is supported on Windows and Mac operating systems. |
Certificate Profile | Select the certificate profile that the GlobalProtect
portal uses to match the machine certificate sent by the GlobalProtect
app. The machine certificate check is supported on Windows and Mac
operating systems. |
Custom Checks | |
Custom Checks | Select this option to define custom host information
to match. |
Registry Key | To check Windows endpoints for a specific
registry key, Add the Registry
Key for which to match. To match only the endpoints that
lack the specified registry key or key value, enable the Key
does not exist or match the specified value data option.
To match on specific values, Add the Registry
Value and Value Data . To match endpoints
that explicitly do not have the specified value or value data, select Negate . |
Plist | To check macOS endpoints for a specific entry
in the property list (plist), Add the Plist name.
To match only the endpoints that do not have the specified plist,
enable the Plist does not exist option. To
match on specific key-value pairs within the plist, Add the Key and corresponding Value . To
match endpoints that explicitly do not have the specified key or
value, select Negate . |
Recommended For You
Recommended Videos
Recommended videos not found.