Administrative Install

Reply
Highlighted
L2 Linker

Administrative Install

I'm having trouble finding the correct administrative installation process.  I have several field reps that do not have administrative rights to their laptops.  I need to install GlobalProtect for them and have it pre-configured with proper certificates, portal addresses, etc.  My certificates are self-generated by the firewalls, so are not trusted by a third-party such as goDaddy. 

My installation process is:

  • login with a proper administrative account
  • install the proper certificates into local computer and local user stores
  • install the agent using msiexec /i globalprotect.msi POSTVPNCONNECTCOMMAND=\\server\path\logon.bat PORTAL=vpn.domain.us /quiet

This sets up the first portal, but I have two portals.  I've tried importing registry files for the second portal and it works for user that ran the install, but not for any other user on the system.  All other users only have the portal created by the msiexec install.  So how do I install the agent with two portals?  

When the user first logs in, they are asked to accept the certificate of the portal, even though the cert is previously installed.  This acceptance is only required the first time the user logs in.  How do I have the agent accept this certificate so not to ask the end user?

Highlighted
L4 Transporter

Re: Administrative Install

The GlobalProtect agent uses Internet Explorer in the background, so it should trust whatever certs are in the Trusted Root Certificate Authorities store.  Are you placing the signing certificate used on the firewall in this store?

 

I'm not sure as to the multiple portal configuration.  If you don't mind me asking, why are you doing two separate portals?

Highlighted
L2 Linker

Re: Administrative Install

Yes, I'm placing the signing certificate from the firewall in both the Local Computer and Current User Trusted Root Certification Authorities.

I have two portals because I have two different sites.

Highlighted
L4 Transporter

Re: Administrative Install

Does it fit within your usage requirements to do one portal with two different gateways?  For example, if it will all be the same users, but sometimes they'll connect to Site A, and sometimes to Site B, do one portal config with both gateways listed as options for manual connection?

 

  gateways.png

Highlighted
L2 Linker

Re: Administrative Install

No.  My second site is a warm backup site - so if my primary portal is down, that means my primary portal site is down and there wouldn't be any way to get to the second gateway configured on the primary.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!