Agent Configurations Based on the Endpoint’s Machine Certificate
Use the following steps to push agent configurations to connecting endpoints based on the endpoint's machine certificate:
1. If you want to use the endpoint's machine certificate to identify the endpoint status, configure a certificate profile.
   The GlobalProtect portal uses this certificate profile to match the machine certificate sent by the GlobalProtect app. For a successful match, the machine certificate must be signed and issued by the same CA certificate and (optional) template that you configure in the certificate profile. If you do not configure a template, the machine certificate matches based on only the configured CA certificate.
2. Set up access to the GlobalProtect portal.
3. Define the data that the GlobalProtect app collects from connecting endpoints after users successfully authenticate to the portal.
   To specify the machine certificates that you want the GlobalProtect app to collect from connecting endpoints, select the Certificate Profile that you configured in Step 1.
4. Define an agent configuration on the portal.
5. Add config selection criteria for your agent configuration based on certificate profiles.
   After the GlobalProtect app collects machine certificates from connecting endpoints (as defined in Step 3), it sends the certificates to the portal to match against the certificate profile that you specify in the config selection criteria for each agent configuration. If an endpoint matches all config selection criteria for an agent configuration, the portal pushes that agent configuration to the endpoint.
   To deliver your agent configuration to connecting endpoints based on the endpoints’ machine certificate, use the following steps:
   - Select Config Selection Criteria > Device Checks.
   - In the Machine Certificate Check area, select a Certificate Profile to match against the machine certificates installed on the endpoints.
6. Save the portal configuration.
   - Click OK twice.
   - Commit your changes.
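The matching rule from Step 1 (CA always, template only when one is configured) can be checked against a certificate inventory before you commit, to see which endpoints a CA-only profile would also match. The following is an added example, not Palo Alto Networks code: it models the rule as stated on this page, assumes each inventory record already names the CA that validates the certificate, and all class, function, endpoint, CA and template names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class MachineCert:
    endpoint: str            # host the certificate was collected from
    issuer_ca: str           # CA whose signature validates this certificate
    template: Optional[str]  # certificate template it was issued from, if any


@dataclass(frozen=True)
class CertProfile:
    ca: str                         # CA certificate configured in the profile
    template: Optional[str] = None  # optional template restriction


def matches(cert: MachineCert, profile: CertProfile) -> bool:
    """CA must match; the template is compared only when the profile sets one."""
    if cert.issuer_ca != profile.ca:
        return False
    return profile.template is None or cert.template == profile.template


def audit(profile: CertProfile, inventory: list[MachineCert], intended_template: str):
    """Return endpoints the profile matches and, of those, the ones whose
    certificate came from a template other than the intended one."""
    matched = [c.endpoint for c in inventory if matches(c, profile)]
    unintended = [c.endpoint for c in inventory
                  if matches(c, profile) and c.template != intended_template]
    return matched, unintended


# Constructed inventory: endpoints, CAs and templates are made up for illustration.
INVENTORY = [
    MachineCert("laptop-01", "Corp-Issuing-CA", "ManagedMachine"),
    MachineCert("laptop-02", "Corp-Issuing-CA", "ManagedMachine"),
    MachineCert("kiosk-07", "Corp-Issuing-CA", "WebServer"),
    MachineCert("byod-33", "Other-CA", "ManagedMachine"),
    MachineCert("legacy-02", "Corp-Issuing-CA", None),
]

CA_ONLY = CertProfile(ca="Corp-Issuing-CA")
CA_AND_TEMPLATE = CertProfile(ca="Corp-Issuing-CA", template="ManagedMachine")

if __name__ == "__main__":
    for name, profile in (("CA only", CA_ONLY), ("CA + template", CA_AND_TEMPLATE)):
        matched, unintended = audit(profile, INVENTORY, "ManagedMachine")
        print(f"{name}: matched={matched} unintended={unintended}")
```

With the constructed inventory, the CA-only profile also matches the two endpoints whose certificates were issued by the same CA from a different template or from none, while the profile with a template matches only the intended machines.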