Agent Configurations Based on the Endpoint Serial Number
Use the following steps to push agent configurations to connecting endpoints based on the presence of the endpoint serial number in the Active Directory or Azure AD:
This enhancement is applicable only to Android, Windows, macOS, and Linux endpoints.
To verify the presence of an endpoint serial number on the firewall, you must first populate a directory server with the list of serial numbers for all managed endpoints.
- To identify the endpoint status based on the endpoint serial number, you must configure group mapping. If an endpoint is managed, you can bind the serial number of the endpoint to the machine account of the endpoint in your directory server (such as Active Directory). The firewall can then pre-fetch the serial numbers of these managed endpoints when it retrieves group mapping information from the directory server. In your Group Mapping configuration (Device > User Identification > Group Mapping Settings > <group-mapping-config>), you must enable the option to Fetch list of managed devices. This allows the firewall to retrieve serial numbers from the directory server.
- Add config selection criteria for your agent configuration based on the presence of the endpoint serial number in the Active Directory or Azure AD. When a user attempts to establish a GlobalProtect connection, the GlobalProtect app sends the serial number of the connecting endpoint to the portal to match against the list of serial numbers in the Active Directory or Azure AD. If an endpoint matches all config selection criteria for an agent configuration, including the presence of the endpoint serial number in the Active Directory or Azure AD, the portal pushes that agent configuration to the endpoint. To deliver your agent configuration to connecting endpoints based on the presence of the endpoint serial number in the Active Directory or Azure AD, use the following steps:
- Select Config Selection Criteria > Device Checks.
- In the Serial Number Check area, select an option from the Machine account exists with device serial number drop-down. If you set this option to Yes, the agent configuration applies only to endpoints with a serial number that exists (managed endpoints). If you set this option to No, the agent configuration applies only to endpoints with a serial number that does not exist (unmanaged endpoints). If you set this option to None, the configuration is not delivered to apps based on the presence of the endpoint serial number.
- Save the portal configuration.
- Commit your changes.
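Before setting the Serial Number Check to Yes or No, it helps to confirm that the directory actually holds a serial number for every endpoint you consider managed, because a missing or mistyped serial changes which agent configuration that endpoint receives. The following is an added example, not Palo Alto Networks code: it reconciles an asset inventory against a directory export. The CSV layouts, host names, serial numbers and function names are constructed for illustration, and exact string comparison of serials is an assumption.

```python
import csv
import io

# Constructed sample data (not from the page): an asset inventory and a
# directory export of machine accounts with their bound serial numbers.
INVENTORY_CSV = """hostname,serial
lt-001,C02XK1ABCD
lt-002,PF2ABC12
lt-003,5CG1234XYZ
lt-004,R58M123456
"""
DIRECTORY_CSV = """machine_account,serial
LT-001$,C02XK1ABCD
LT-002$,pf2abc12
LT-003$,
LT-009$,C02XK1ABCD
"""

def load(text, key):
    """Return (name, serial) pairs with surrounding whitespace stripped."""
    return [(r[key].strip(), (r["serial"] or "").strip())
            for r in csv.DictReader(io.StringIO(text))]

def reconcile(inventory, directory):
    """Classify inventoried endpoints against the serials held in the directory."""
    by_serial = {}
    for account, serial in directory:
        if serial:
            by_serial.setdefault(serial, []).append(account)
    folded = {s.casefold() for s in by_serial}
    report = {"managed": [], "review": [], "unmanaged": []}
    for host, serial in inventory:
        if serial in by_serial:
            report["managed"].append(host)      # exact match in the directory
        elif serial.casefold() in folded:
            report["review"].append(host)       # differs only by letter case
        else:
            report["unmanaged"].append(host)    # serial absent from the directory
    report["no_serial"] = [a for a, s in directory if not s]
    report["duplicates"] = {s: a for s, a in by_serial.items() if len(a) > 1}
    return report

def hosts_passing(option, report):
    """Hosts that satisfy the Serial Number Check for Yes, No or None.
    Assumption: exact string comparison, so 'review' hosts count as absent."""
    absent = report["review"] + report["unmanaged"]
    return {"Yes": report["managed"], "No": absent,
            "None": report["managed"] + absent}[option]  # None: check not applied

REPORT = reconcile(load(INVENTORY_CSV, "hostname"), load(DIRECTORY_CSV, "machine_account"))
```

Entries under `review`, `no_serial` and `duplicates` are the ones to correct in the directory before committing a configuration that depends on the serial number check.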