GlobalProtect - how to edit the download page

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

Reply
etnerual
L1 Bithead

GlobalProtect - how to edit the download page

Is it possible to edit the GlobalProtect download page?

On the page where users are prompted to download the 32bit, 64bit, or Mac version version of GP, I would like to add some instructions for the not so savvy user on which version to select and how to install the client.  If there's a better way of doing this I'm open to it.  Setting it up via AD is not an option.

I tried it on the Portal login page but my text shows up on the Login page AND the Download page.  Would prefer the text to only show up on the Download page.

jvalentine
L7 Applicator

These commands may help:

set global-protect redirect on

set global-protect redirect location https://vpn.example.com

You're not customizing the download page, you're redirecting to a new webserver where you can do whatever you want (downloads, instructions, etc.) 

amansour
L4 Transporter

You are wrong. This only redirects the binary file.

You can select multiple gateways for users but all your help should be on the portal page which you can customize.

ericgearhart
L4 Transporter

Looks like amansour is right...

From the 5.0 CLI Guide:

> redirect — GlobalProtect portal configuration
     > location — Location to fetch GlobalProtect Agent binary file (path: http://host/directory-path)
     > off — Disables redirect (allows Agent download from GlobalProtect Portal only)
     > on — Enables hosting GlobalProtect Agent download files 
                 on a server other than the GlobalProtect Portal 
etnerual
L1 Bithead

Exactly which portal page are you referring to?  I know you can modify the "Global Protect Login Page" but whatever you place on this page is viewable pre-login.  Once you've logged in you are taken to the "global-protect/getsoftwarepage.esp" which is the page I would like to modify.

amansour
L4 Transporter

Yeah, we all wish! Even if you could modify it the box isn't a proxy, it won't re-write. So if you thought you'd put a few internal links there so you could have SSL-ONLY access, you can't.

All you can do after you authenticate is download the VPN clients. 

Your best bet is to modify the only page you can which is the initial portal page (the one with the login on it)  You can even remove the Login portion and create an instruction page about getting the clients and installing them.  Because the only thing you can connect to on the SSL splash page is the links to download the executable, nothing else.

You could also (if your adventurous) create a NAT rule to an internal web-server and create a captive portal screen so you'd modify whatever you like, login, the site they access after login.  Only problem is you would have the same user to IP mapping if 2 users came over the same NAT device publicly.

etnerual
L1 Bithead

I've tried modifying the portal login page.  The PAN automatically inserts the html code to call for the "<pan_form/>" at the end - the login username/password still appears.  Hopeless.

Abs
L3 Networker

Nah, it's not hopeless. There is a way around that...just display the page source once you render it, and then copy and past the source output HTML. Make sure you remove the PAN form variable.

etnerual
L1 Bithead


Already tried that.  I had a blank HTML page as my portal login - just the <html> and </html>

The form still appears.

Abs
L3 Networker

How did you do it? I've done this in the past, and it worked. Can I see your code?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!