Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Automatic deployment of GlobalProtect for Mac via Intune

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Automatic deployment of GlobalProtect for Mac via Intune

L0 Member

My Company uses Intune for Mac management, and we are trying to automate as many app deployments as we can. Right now, I am hung up on GlobalProtect. I have already created a line-of-business app using the .pkg provided by Paloalto for GlobalProtect. The issue I am running into however, is the fact that the installer has multiple options; 1. Install 2. Uninstall 3. Add Extensions.

 

The Intune deployment doesn't know what to do about it, so it runs all 3. So it installs, then uninstalls. Is there any way to get just the installer portion? Also, are there installer arguments to pre-populate the vpn server info, like you can do with the windows installer?

10 REPLIES 10

L0 Member

Hi

 

Did you find any solution for this?

 

 

L0 Member

Hi @all,
I have exactly the same problem. 
Please provide your solution 😉

Cyber Elite
Cyber Elite

I actually haven't run into this issue when ran through a script outside of the application staying in Pending and not actively showing as properly installed. I've viewed that as an annoyance, but it doesn't really effect anything the way the script is running. 

#!/bin/sh

plistBuddy='/usr/libexec/PlistBuddy'
GPplistFile='/Library/Preferences/com.paloaltonetworks.GlobalProtect.settings.plist'
DownloadLocation = 'https://YourPortal/global-protect/getmsi.esp?version=none&platform=mac'

if [ -f ${GPplistFile} ]
then
	echo "Plist already exists..."
else
	echo "Creating Plist"
	${plistBuddy} -c "print : 'Palo Alto Networks':'GlobalProtect':'PanSetup':'Portal'" ${GPplistFile}
	${plistBuddy} -c "add :'Palo Alto Networks' dict" ${GPplistFile}
	${plistBuddy} -c "add :'Palo Alto Networks':'GlobalProtect' dict" ${GPplistFile}
	${plistBuddy} -c "add :'Palo Alto Networks':'GlobalProtect':'PanSetup' dict" ${GPplistFile}
	${plistBuddy} -c "add :'Palo Alto Networks':'GlobalProtect':'PanSetup':'Portal' string 'YourPortal'" ${GPplistFile}
	${plistBuddy} -c "add :'Palo Alto Networks':'GlobalProtect':'PanSetup':'Prelogon' integer 0" ${GPplistFile}
fi
	
if [ -d "/Applications/GlobalProtect.app" ]
then
	echo "Already installed..."
	exit 0
else
	echo "Preparing..."
	curl -L ${DownloadLocation} > "/tmp/GlobalProtect.pkg"
	echo "Installing..."	
	sudo installer -pkg "/tmp/GlobalProtect.pkg" -target /
	echo "Cleaning..."
	rm "/tmp/GlobalProtect.pkg"
	exit 0
fi

L0 Member

Has anyone had any luck with this? I am in the exact same situation, I see the app install and popup momentarily and then it uninstalls and disappears. Any help would be great, trying to get GP pushed out to Mac devices asap. 

L0 Member

This happens in our organization as well. In general, would be really nice if Paloalto could put some more resources to software delivery issues, especially on Intune and Jamf.

I am very surprise this issue hasn't been resolved by Palo Alto.

L0 Member

You will need to sign the package with a Developer Installer Certificate before you can deploy with a MDM. Apple is hard up about this and it is not clear at first. Only the owner of your Apple Development Enterprise can generate that Certificate as well.

 

L0 Member

Do we have any solutions for this?

 

L0 Member

Does this have solutions already?

L2 Linker

Hello folks!

 

Unfortunately, Intune + MacOS is not supported with GlobalProtect, here are the supported MDMs: https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/mobile-endpoint-management/...

Mark answer as solution if that solves your doubt

Senior Network Security Engineer
PCNSE | CCNP | JNCIP
  • 9894 Views
  • 10 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!