How to configure macOS Plist with On-Demand connect method and pre-defined portal

How to configure macOS Plist with On-Demand connect method and pre-defined portal

23933
Created On 05/14/20 04:46 AM - Last Modified 06/15/20 21:55 PM


Objective


  • Initial deployment of GlobalProtect (GP) app for macOS users using global plist (Property List) with GP client configured for connect method On-Demand and a pre-defined portal.
  • This enables deployment of GlobalProtect app settings to macOS endpoints prior to their first connection to the GlobalProtect portal.



 

Environment


  • PAN-OS 7.1 and above.
  • Palo Alto Firewall.
  • GlobalProtect Portal/Gateway
  • GlobalProtect app version 5.0 and above

 

Procedure


Note: This article assumes that a plist file has been created and ready to be copied to the appropriate local folder.
  1. Uninstall previous GP version to clear local GP user cache.
  2. Copy plist file "com.paloaltonetworks.GlobalProtect.settings.plist" to /Library/Preferences/
Plist file can be edited using Xcode or any text editor such as vi. Below is an example of setting the Portal name to "mygp.portal.com" and connect-method to "on-demand".

            Example: Plist file "com.paloaltonetworks.GlobalProtect.settings.plist"
 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Palo Alto Networks</key>
    <dict>
        <key>GlobalProtect</key>
        <dict>
            <key>PanGPS</key>
            <dict/>
            <key>PanSetup</key>
            <dict>
                <key>Portal</key>
                <string>mygp.portal.com</string>
            </dict>
            <key>Settings</key>
            <dict>
                <key>connect-method</key>
                <string>on-demand</string>
            </dict>
        </dict>
    </dict>
</dict>
</plist>
  1. Go to /Library/Preferences and verify the copied plist.
    Open Terminal and run these commands.
  •  cd /Library/Preferences/
  •  pwd                  > Verify correct directory "/Library/Preferences"
  •  cat <plist file>  > Validate the file exist in the directory and desired settings (on-demand, portal).
  1. Install the latest GP v5.1.3 (or latest preferred version)
  2. After install, GP GUI should display "Not Connected" and "Connect" button is clickable.
  3. From GP console, open Settings > General. This should show the portal name as a configured portal in the plist file.

Additional Information


  • macOS endpoints, plist files are either located in /Library/Preferences or in ~/Library/Preferences.
  • For the initial installation of GP, plist file needs to be copied in both /Library/Preferences and ~/Library/Preferences folder of the Mac endpoint.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g0000008U3UCAU&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language