Agent Configurations Based on Software and App Settings
Use the following steps to push agent configurations to connecting endpoints based on the presence of specific software and app settings on the endpoint:
- (Optional) Deploy app settings using the
Windows Registry or macOS plist.The Windows Registry and macOS plist enable you to deploy app settings directly to endpoints.
- Set up access to the GlobalProtect portal.
- Define the data that the
GlobalProtect app collects from connecting endpoints after users
successfully authenticate to the portal.
- To collect registry data from Windows endpoints, select Windows and then Add the Registry Key and corresponding Registry Value.
- To collect plist data from macOS endpoints, select Mac and then Add the Plist key and corresponding Key value.
- Define an agent configuration on the portal.
- Add custom config selection criteria for
your agent configuration.The portal can determine whether an endpoint is managed or unmanaged by verifying the presence of specific software and app settings on the endpoint, as defined in the Windows Registry and macOS plist (Step 1). After the GlobalProtect app collects data from connecting endpoints (as defined in Step 3), it sends this data to the portal to match against the custom checks that you specify in the config selection criteria for each agent configuration. If an endpoint matches all config selection criteria for an agent configuration, the portal pushes that agent configuration to the endpoint.To deliver your agent configuration to connecting endpoints based on custom host information, use the following steps:
- Select Config Selection CriteriaCustom Checks.
- Enable Custom Checks and then
define any of the following registry and plist data to match:
- To check Windows endpoints for a specific registry key, use the following steps:
- Add a new registry key (Custom ChecksRegistry Key).
- When prompted, enter the Registry Key to match.
- (Optional) To deliver this configuration only if the endpoint does not have the specified registry key or key value, select Key does not exist or match the specified value data.
- (Optional) To deliver this configuration based on specific registry values, Add the Registry Value and corresponding Value Data. To deliver this configuration only if the endpoint does not have the specified Registry Value or Value Data, select Negate.
- To check macOS endpoints for a specific entry in the plist, use the following steps:
- Add a new plist (Custom ChecksPlist).
- When prompted, enter the Plist name.
- (Optional) To deliver this configuration only if the endpoint does not have the specified plist, select Plist does not exist.
- (Optional) To deliver this configuration based on specific key-value pairs within the plist, click Add and then enter the Key and corresponding Value. To match only if endpoints do not have the specified key or value, select Negate.
- Save the portal configuration.
- Click OK twice.
- Commit your changes.
Collect Application and Process Data From Endpoints
Collect Application and Process Data From Endpoints The Windows Registry and macOS plist can be used to configure and store settings for Windows and Mac ...
HIP-Based Policy Enforcement Based on the Endpoint Status
HIP-Based Policy Enforcement Based on the Endpoint Status Use the following steps to enforce HIP-based security policies based on the status of connecting endpoints: To ...
GlobalProtect Portals Agent Config Selection Criteria Tab
GlobalProtect Portals Agent Config Selection Criteria Tab Network GlobalProtect Portals Agent Config Selection Criteria Select the Config Selection Criteria tab to configure the matching criteria ...
Deploy App Settings Transparently
Deploy App Settings Transparently As an alternative to deploying app settings from the portal configuration, you can define them directly from the Windows Registry, global ...
HIP Objects Custom Checks Tab
HIP Objects Custom Checks Tab Objects GlobalProtect HIP Objects Custom Checks Select the Custom Checks tab to enable HIP matching on any custom checks you ...
Define the GlobalProtect Agent Configurations
Define the GlobalProtect Agent Configurations After a GlobalProtect user connects to the portal and is authenticated by the GlobalProtect portal, the portal sends the agent ...
Deploy App Settings in the Mac Plist
Deploy App Settings in the macOS Plist You can set the GlobalProtect app customization settings in the macOS global plist (Property list) file. This enables ...
Customizable App Settings
Customizable App Settings In addition to pre-deploying the portal address, you can also define the app settings. To Deploy App Settings to Windows Endpoints you ...
GlobalProtect Portals Portal Data Collection Tab
GlobalProtect Portals Portal Data Collection Tab Select Network GlobalProtect Portals Portal Data Collection to define the data that the GlobalProtect app collects from endpoints and ...