1. Home
    2. PAN-OS
    3. PAN-OS Web Interface Help
    4. GlobalProtect
    5. Network > GlobalProtect > Portals
    6. GlobalProtect Portals Agent Tab
    7. GlobalProtect Portals Agent Config Selection Criteria Tab

    GlobalProtect Portals Agent Config Selection Criteria Tab

    • Network
      GlobalProtect
      Portals
      <portal-config>
      Agent
      <agent-config>
      Config Selection Criteria
    Select the
    Config Selection Criteria
     tab to configure the matching criteria used to identify the endpoint type in deployments with both managed and unmanaged endpoints. The portal can push specified configurations to the endpoint based on the endpoint type.
    GlobalProtect Portal Config Selection Criteria Settings
    Description
    User/User Group tab
    OS
    Add
     one or more endpoint operating system (OS) to specify which endpoints receive this configuration. The portal automatically learns the OS of the endpoint and incorporates details for that OS in the client configuration. You can select
    Any
     OS or a specific OS (
    Android
    ,
    Chrome
    ,
    iOS
    ,
    IoT
    ,
    Linux
    ,
    Mac
    ,
    Windows
    , or
    WindowsUWP
    ).
    User/User Group
    Add
     the specific users or user groups to which this configuration applies.
    You must configure group mapping (
    Device
    User Identification
    Group Mapping Settings
    ) before you can select user groups.
    To deploy this configuration to all users, select
    any
     from the
    User/User Group
     drop-down. To deploy this configuration only to users with GlobalProtect apps in pre-logon mode, select
    pre-logon
     from the
    User/User Group
     drop-down.
    Device Checks
    Machine account exists with device serial number
    Configure matching criteria based on whether the endpoint serial number exists in the Active Directory. The serial number check is supported on Windows and Mac operating systems.
    Certificate Profile
    Select the certificate profile that the GlobalProtect portal uses to match the machine certificate sent by the GlobalProtect app. The machine certificate check is supported on Windows and Mac operating systems.
    Custom Checks
    Custom Checks
    Select this option to define custom host information to match.
    Registry Key
    To check Windows endpoints for a specific registry key,
    Add
     the
    Registry Key
     for which to match. To match only the endpoints that lack the specified registry key or key value, enable the
    Key does not exist or match the specified value data
     option. To match on specific values,
    Add
     the
    Registry Value
     and
    Value Data
    . To match endpoints that explicitly do not have the specified value or value data, select
    Negate
    .
    Plist
    To check macOS endpoints for a specific entry in the property list (plist),
    Add
     the
    Plist
     name. To match only the endpoints that do not have the specified plist, enable the
    Plist does not exist
     option. To match on specific key-value pairs within the plist,
    Add
     the
    Key
     and corresponding
    Value
    . To match endpoints that explicitly do not have the specified key or value, select
    Negate
    .

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo