GlobalProtect install restrictions

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

GlobalProtect install restrictions

L0 Member

Hi all


I was wondering if there was a way to restrict who can install the GlobalProtect client ?

 

As an example, at the moment if any user launches the gateway page can download and install the client on their own computer albeit they need an active account, but the thought of them being able to install it on an infected home computer does worry me. I was thinking is there a way to lock it down to domain joined computers only ?

 

Thanks

4 REPLIES 4

Community Team Member

Hi @djh3003,

 

You cannot restrict it in such a way.

That said, you  could use client certificates or HIP profiles to prevent untrusted devices from connecting to your network.

 

Cheers !

-Kiwi.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

@kiwi is correct.

 

even if you did find a way to restrict this you can easily obtain it from the web.

 

we use user certs for windows systems and HIP for IPad. as suggested by @kiwi

 

HIP of course will require an additional licence.

Thanks guys

 

Do you know if there is much information on using usercerts for globalprotect ?

 

Yes tons of it...

start here for an oveview.

https://www.paloaltonetworks.com/documentation/80/globalprotect/globalprotect-admin-guide/authentica...

 

Are all your users on AD. If so then you could use this for certificate generation and distribution.

 

 

 

 

  • 2186 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!