GlobalProtect - how to edit the download page


L1 Bithead

Is it possible to edit the GlobalProtect download page?

On the page where users are prompted to download the 32bit, 64bit, or Mac version of GP, I would like to add some instructions for the not so savvy user on which version to select and how to install the client.  If there's a better way of doing this I'm open to it.  Setting it up via AD is not an option.

I tried it on the Portal login page but my text shows up on the Login page AND the Download page.  Would prefer the text to only show up on the Download page.

14 REPLIES 14

L7 Applicator

These commands may help:

set global-protect redirect on

set global-protect redirect location https://vpn.example.com

You're not customizing the download page, you're redirecting to a new webserver where you can do whatever you want (downloads, instructions, etc.) 

You are wrong. This only redirects the binary file.

You can select multiple gateways for users but all your help should be on the portal page which you can customize.

L4 Transporter

Looks like amansour is right...

From the 5.0 CLI Guide:

> redirect — GlobalProtect portal configuration
     > location — Location to fetch GlobalProtect Agent binary file (path: http://host/directory-path)
     > off — Disables redirect (allows Agent download from GlobalProtect Portal only)
     > on — Enables hosting GlobalProtect Agent download files 
                 on a server other than the GlobalProtect Portal 

Exactly which portal page are you referring to?  I know you can modify the "Global Protect Login Page" but whatever you place on this page is viewable pre-login.  Once you've logged in you are taken to the "global-protect/getsoftwarepage.esp" which is the page I would like to modify.

Yeah, we all wish! Even if you could modify it the box isn't a proxy, it won't re-write. So if you thought you'd put a few internal links there so you could have SSL-ONLY access, you can't.

All you can do after you authenticate is download the VPN clients. 

Your best bet is to modify the only page you can, which is the initial portal page (the one with the login on it).  You can even remove the Login portion and create an instruction page about getting the clients and installing them.  Because the only thing you can connect to on the SSL splash page is the links to download the executable, nothing else.

You could also (if you're adventurous) create a NAT rule to an internal web-server and create a captive portal screen so you'd modify whatever you like, login, the site they access after login.  Only problem is you would have the same user to IP mapping if 2 users came over the same NAT device publicly.

I've tried modifying the portal login page.  The PAN automatically inserts the html code to call for the "<pan_form/>" at the end - the login username/password still appears.  Hopeless.

Nah, it's not hopeless. There is a way around that...just display the page source once you render it, and then copy and paste the source output HTML. Make sure you remove the PAN form variable.


Already tried that.  I had a blank HTML page as my portal login - just the <html> and </html>

The form still appears.

How did you do it? I've done this in the past, and it worked. Can I see your code?

All I want is for the download page to either open the client's GP if already installed or somehow add language to instruct the user that if they see the icon it's already installed. We have users who keep downloading the install files expecting that after they login it'll 'start the vpn connection'.

No one?

L4 Transporter

You can't do a client side detection in the browser as to whether or not they have it installed on that page. 

The way I would do this, is to have a download page which is separate, internally accessible and then you could add a HIP check (if you have that license) which says if you already have the client, put up a block page.  Again, the links to the GP clients on the portal page are all you get, so having an internal page, maybe even one with LDAP auth is pretty easy to make, then on the hosted server you could allow/deny rules with the HIP check or have multi-language or whatever you want. Make sense?

Hello,

 

I am facing the same thing, I need to edit the "GetSoftwarePage" after the client has logged in successfully.

I need to add some instructions, as well as putting a download link for Linux users.

 

Is it possible? Or is the only workaround redirecting to another page?

Thank you.

L0 Member

You can also try this. Just change the template with the html that you want:

 

 

<script>
// Customizations - pass in values below.  Used in GlobalProtect login page
// and also getsoftwarepage
// Change customization of 'GlobalProtect Portal Home Page' to get uniform look

var favicon = '';               // URL to the icon displayed in browser's address bar
var logo = '';                  // URL to the company logo
var bg_color = '';              // Background color
var gp_portal_name = ' ';        // Text under company logo
var gp_portal_name_color = '#000000';  // Color for text under company logo
var error_text_color = '#900D09';      // Text color for logon failure message

// var linksContainer = document.getElementById('getsoftwarepage_form').;

function checkRoute() {

  var template = 
  '<table style="width:100%; padding-top: 20px;">\
  <tbody><tr>\
      <td align="center" valign="middle">\
          <div id="taGetSofewarePage">\
              <p>\
                <a href="/global-protect/getmsi.esp?version=32&amp;platform=windows">\
                  Download Windows 32 bit GlobalProtect agent\
                </a></p><p><a href="/global-protect/getmsi.esp?version=64&amp;platform=windows">Download Windows 64 bit GlobalProtect agent</a></p><p><a href="/global-protect/getmsi.esp?version=none&amp;platform=mac">Download Mac 32/64 bit GlobalProtect agent</a></p><table width="300px" height="100px" border="0" cellpadding="0" cellspacing="0">\
                  <tbody><tr id="dDescription32">\
                      <td>Windows 32 bit OS needs to download and install Windows 32 bit GlobalProtect agent.</td>\
                  </tr>\
                  <tr id="dDescription64">\
                      <td>Windows 64 bit OS needs to download and install Windows 64 bit GlobalProtect agent.</td>\
                  </tr>\
                  <tr id="dDescriptionMac">\
                      <td>Mac OS needs to download and install Mac 32/64 bit GlobalProtect agent.</td>\
                  </tr>\
                  <tr id="dFormat">\
                  </tr>\
              </tbody></table>\
          </div>\
      </td>\
  </tr>\
  </tbody></table>'
  ;
  
  if (window.location.pathname === '/global-protect/getsoftwarepage.esp') {
    document.getElementById('getsoftwarepage_form').innerHTML = template
  }
}

document.addEventListener("DOMContentLoaded", function() {
  checkRoute();
})


</script>
</head>
<style>
body  {
  background-image: url("");
  background-color: #cccccc;
  color: #cccccc;
}
</style>
<body>
<div class="loginscreen_logo">
  <div id="logo">
    <img src="portal/images/logo-pan-48525a.svg" 
         onerror="this.onerror=null; this.src='portal/images/logo-pan-48525a.png'"
         alt="">
  </div>
  
  <div id="activearea">
    <div id="heading"></div>
    <div id="formdiv">
      <pan_form/>
    </div>
  </div>
</div>

<!-- IE10 viewport hack for Surface/desktop Windows 8 bug -->
<script src="portal/js/ie10-viewport-bug-workaround.js"></script>

</body>
</html>
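
An alternative to the template swap in the post above, as an added example that is not part of the original post or the vendor's code: it leaves the portal-generated download links untouched and inserts instruction text above them only on the download page, using `textContent` rather than `innerHTML`. The `getsoftwarepage_form` id and the path come from the post; the `gp-install-help` id and the instruction wording are assumptions constructed for illustration.

```javascript
// Added example. This script ships inside the customized login page, so its
// text is readable before login: keep it to generic install guidance.
const DOWNLOAD_PATH = '/global-protect/getsoftwarepage.esp'; // path from the post
const HELP_ID = 'gp-install-help';                           // hypothetical id

// Constructed sample wording; replace with your own instructions.
const INSTRUCTIONS = [
  'If the GlobalProtect icon is already in your system tray or menu bar, ' +
    'the client is installed. Open it instead of downloading it again.',
  'Windows: check Settings > System > About for "64-bit" or "32-bit" ' +
    'and pick the matching download.',
  'Run the downloaded installer, then start GlobalProtect to connect.'
];

// Inserts the help box before the portal's own download form.
// Returns true only when it actually added the box.
function addDownloadInstructions(doc, pathname) {
  if (pathname !== DOWNLOAD_PATH) return false;      // never on the login page
  const form = doc.getElementById('getsoftwarepage_form');
  if (!form || !form.parentNode) return false;       // page layout changed
  if (doc.getElementById(HELP_ID)) return false;     // already inserted

  const box = doc.createElement('div');
  box.id = HELP_ID;
  const list = doc.createElement('ol');
  for (const step of INSTRUCTIONS) {
    const item = doc.createElement('li');
    item.textContent = step;  // plain text only, no HTML parsing of the string
    list.appendChild(item);
  }
  box.appendChild(list);
  // The existing links stay as the portal rendered them, so a later
  // change to the agent download URLs is not masked by a stale copy.
  form.parentNode.insertBefore(box, form);
  return true;
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', function () {
    addDownloadInstructions(document, window.location.pathname);
  });
}
```

Because the links are not rewritten, this does not help if you need to add a download the portal does not offer.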
