Hardware reference guide

ManualsBrandsAlto ManualsComputer equipmentBEXT 100H

54 GlobalProtect Administrator’s Guide

Deploy the GlobalProtect Client Software Set Up the GlobalProtect Infrastructure

Customizable Agent Settings

In addition to pre-deploying the portal address, you can also define the agent configuration settings. Table:

Customizable Agent Settings describes each customizable agent settings. Settings defined in the GlobalProtect

portal client configuration take precedence over settings defined in the Windows Registry or the Mac plist.

However, one setting—

can-prompt-user-credential—is not available in the portal client configuration and

must be set through the Windows Registry (applicable to Windows clients only). This setting is used in

conjunction with single sign-on and indicates whether or not to prompt the user for credentials if SSO fails.

Table: Customizable Agent Settings

Deploy Agent Settings from MSIEXEC

On Windows clients you have the option to deploy both the agent and the settings automatically from the

Windows Installer (MSIEXEC) using the following syntax:

msiexec.exe /i GlobalProtect.msi <SETTING>="<value>"

For example, to prevent users from connecting to the portal if the certificate is not valid, you would change

setting as follows:

msiexec.exe /i GlobalProtect.msi CANCONTINUEIFPORTALCERTINVALID="no"

For a complete list of settings and the corresponding default values, see Table: Customizable Agent Settings.

Portal Client Configuration Windows Registry/ Mac plist MSIEXEC Parameter Default

Enable advanced view

enable-advanced-view yes | no ENABLEADVANCEDVIEW=”yes|no”

yes

Show GlobalProtect icon

show-agent-icon yes | no SHOWAGENTICON=”yes|no”

yes

Allow users to change portal

address

can-change-portal yes | no CANCHANGEPORTAL=”yes|no”

yes

Allow user to save password

can-save-password yes | no CANSAVEPASSWORD=”yes|no”

yes

Enable rediscover network

option

rediscover-network yes | no REDISCOVERNETWORK=”yes|no”

yes

Enable Resubmit Host Profile

option

resubmit-host-info yes | no RESUBMITHOSTINFO=”yes|no”

yes

Allow user to continue if portal

server certificate is invalid

can-continue-if-portal-cert-

invalid yes | no

CANCONTINUEIFPORTALCERTINVALID=”y

es|no”

yes

Use single sign-on

use-sso yes | no USESSO=”yes|no”

yes

Config Refresh Interval (hours)

refresh-config-interval <hours> REFRESHCONFIGINTERVAL=”<hours>”

Connect Method

connect-method on-demand |

pre-logon | user-logon

CONNECTMETHOD=”on-demand |

pre-logon | user-logon”

user-logon

Windows only/not in portal

can-prompt-user-credential yes

| no

CANPROMPTUSERCREDENTIAL=”yes |

no”

yes