GlobalProtect Portals Agent Config Selection Criteria Tab
- NetworkGlobalProtectPortals<portal-config>Agent<agent-config>Config Selection Criteria
Select the Config Selection Criteria tab to configure the matching criteria used to identify the endpoint type in deployments with both managed and unmanaged endpoints. The portal can push specified configurations to the endpoint based on the endpoint type.
GlobalProtect Portal Config Selection Criteria Settings
|User/User Group tab|
Add one or more endpoint operating system (OS) to specify which endpoints receive this configuration. The portal automatically learns the OS of the endpoint and incorporates details for that OS in the client configuration. You can select Any OS or a specific OS (Android, Chrome, iOS, Linux, Mac, Windows, or WindowsUWP).
Add the specific users or user groups to which this configuration applies.
You must configure group mapping (DeviceUser IdentificationGroup Mapping Settings) before you can select user groups.
To deploy this configuration to all users, select any from the User/User Group drop-down. To deploy this configuration only to users with GlobalProtect apps in pre-logon mode, select pre-logon from the User/User Group drop-down.
Machine account exists with device serial number
Configure matching criteria based on whether the endpoint serial number exists in the Active Directory.
Select the certificate profile that the GlobalProtect portal uses to match the machine certificate sent by the GlobalProtect app.
Select this option to define custom host information to match.
To check Windows endpoints for a specific registry key, Add the Registry Key for which to match. To match only the endpoints that lack the specified registry key or key value, enable the Key does not exist or match the specified value data option. To match on specific values, Add the Registry Value and Value Data. To match endpoints that explicitly do not have the specified value or value data, select Negate.
To check macOS endpoints for a specific entry in the property list (plist), Add the Plist name. To match only the endpoints that do not have the specified plist, enable the Plist does not exist option. To match on specific key-value pairs within the plist, Add the Key and corresponding Value. To match endpoints that explicitly do not have the specified key or value, select Negate.
Agent Configurations Based on Software and App Settings
Agent Configurations Based on Software and App Settings Use the following steps to push agent configurations to connecting endpoints based on the presence of specific ...
Collect Application and Process Data From Endpoints
Collect Application and Process Data From Endpoints The Windows Registry and macOS plist can be used to configure and store settings for Windows and Mac ...
Define the GlobalProtect Agent Configurations
Define the GlobalProtect Agent Configurations After a GlobalProtect user connects to the portal and is authenticated by the GlobalProtect portal, the portal sends the agent ...
HIP-Based Policy Enforcement Based on the Endpoint Status
HIP-Based Policy Enforcement Based on the Endpoint Status Use the following steps to enforce HIP-based security policies based on the status of connecting endpoints: To ...
GlobalProtect Portals Portal Data Collection Tab
GlobalProtect Portals Portal Data Collection Tab Select Network GlobalProtect Portals Portal Data Collection to define the data that the GlobalProtect app collects from endpoints and ...
HIP Objects Custom Checks Tab
HIP Objects Custom Checks Tab Objects GlobalProtect HIP Objects Custom Checks Select the Custom Checks tab to enable HIP matching on any custom checks you ...
Remote Access VPN with Pre-Logon
Remote Access VPN with Pre-Logon Pre-logon is a connect method that establishes a VPN tunnel before a user logs in. The purpose of pre-logon is ...
Set Up Access to the GlobalProtect Portal
Set Up Access to the GlobalProtect Portal After you have completed the Prerequisite Tasks for Configuring the GlobalProtect Portal , configure the GlobalProtect portal as ...
GlobalProtect Portals Agent Data Collection Tab
GlobalProtect Portals Agent HIP Data Collection Tab Network GlobalProtect Portals Agent HIP Data Collection Select the HIP Data Collection tab to define the data that ...