Hardware reference guide
GlobalProtect Administrator’s Guide 55
Set Up the GlobalProtect Infrastructure Deploy the GlobalProtect Client Software
Deploy Agent Settings in the Windows Registry or Mac plist
You can set the GlobalProtect agent customization settings in the Windows registry
(
HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\) or the Mac global plist file
(
/Library/Preferences/com.paloaltonetworks.GlobalProtect.settings.plist). This enables deployment of
GlobalProtect agent settings to client systems prior to their first connection to the GlobalProtect portal. For a
list of commands and values, see Table: Customizable Agent Settings.
Download and Install the GlobalProtect Mobile App
The GlobalProtect app provides a simple way to extend the enterprise security policies out to mobile devices.
As with other remote hosts running the GlobalProtect agent, the mobile app provides secure access to your
corporate network over an IPSec or SSL VPN tunnel. The app will automatically connect to the gateway that is
closest to the end user’s current location. In addition, traffic to and from the mobile device is automatically
subject to the same security policy enforcement as other hosts on your corporate network. Like the
GlobalProtect agent, the app collects information about the host configuration and can use this information for
enhanced HIP-based security policy enforcement.
For a more complete mobile device security solution, you can leverage the GlobalProtect Mobile Security
Manger as well. This service provides for automated provisioning of mobile device configurations, device
security compliance enforcement, and centralized management and visibility into the mobile devices accessing
your network. In addition, GlobalProtect Mobile Security Manager seamlessly integrates with the other
GlobalProtect services on your network, enabling secure access to your network resources from any location
and granular policy enforcement based on HIP profiles. For details, see Set Up the GlobalProtect Mobile
Security Manager.
Use the following procedure to install the GlobalProtect mobile app.
Test the App Installation
Step 1 Create a client configuration for testing
the app installation.
As a best practice, create a client configuration that is limited to a
small group of users, such as administrators in the IT department
responsible for administering the firewall:
1. Select
Network > GlobalProtect > Portals and select the portal
configuration to edit.
2. Select the
Client Configuration tab and either select an existing
configuration or click
Add to add a new configuration to deploy
to the test users/group.
3. On the
User/User Group tab, click Add in the User/User
Group section and then select the user or group who will be
testing the agent.
4. In the OS section, select the app you are testing (iOS or
Android).
5. (Optional) Select the client configuration you just
created/modified and click
Move Up so that it is before any
more generic configurations you have created.
6.
Commit the changes.