After you have configured the portal and the gateway, and when you download the client from the portal the first time, the client always comes with the portal IP address or the hostname, as shown in the screenshot. The installer file also contains the information of the gateway/gateways. You will always authenticate against the portal first and then to the gateways. You have an option though to change the portal IP address or the hostname, if you want to connect to another portal.
So the only way to deploy the client is to have the users download it from the portal? Palo Alto doesn't have a C:\Program Files (x86)\Cisco Systems\VPN Client\Profiles\**portal.pcf file that can be sent with client? What is the file name that hold the Portal address on the client? We wanted to deploy via WSUS packager and and AD GP?
Please refer to GlobalProtect_Admin_Guide_v6.0.pdf, page 55 section Deploy Agent Settings Transparently.
You can define a GPO to push the installation of the GP client using the msiexec.exe
msiexec.exe /i GlobalProtect.msi <SETTING>="<value>"
Also, you can define a GPO to push the Portal registry String Value with the Host FQDN or IP address of the Portal so the client can download the GP configuration.
String Value "Portal" under HKEY_LOCAL_MACHINE\Software\Palo Alto Networks\GlobalProtect\PanSetup with the portal hostname in it.
Link on how to Deploy MSI's through your network with GPO:
GlobalProtect.msi can be downloaded from Support Portal: https://support.paloaltonetworks.com/Updates/SoftwareUpdates/
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!