Global Protect Pre-deployment with AlwaysOn and Network Connection Enforcement


L1 Bithead
Hi all, we are currently deploying GlobalProtect, but we are not using the Portal to install GlobalProtect on the users' workstations; instead we are using SCCM. There are multiple configuration options that can be deployed with the installation, but we have not been able to find a solution to deploy GlobalProtect with AlwaysOn enabled and also Network Connection Enforcement unless the user first connects to the Portal/GW and downloads the configuration. Can you please point me in the right direction or send me an article that I can follow so that when we deploy GlobalProtect with SCCM the computer is automatically locked down and the user only has access to the network if they are connected to the GP Portal/GW? Any solution/answer is greatly appreciated. Thank you,

Accepted Solutions

Cyber Elite

You're going to want to pre-deploy the required registry keys so that GlobalProtect is actually configured properly. Look at HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\, specifically PanSetup and Settings on a device that has already connected. Exactly what keys you'll need in your environment I'm not positive, I generally work backwards and figure it out each time I'm tasked with this since people always have slightly different options configured.
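
One way to do the "work backwards" step described in the answer above, as an added example that is not part of the original post and is not Palo Alto Networks tooling. The script parameters and snapshot file names are hypothetical; only the registry path and the PanSetup and Settings subkeys come from the thread.

```powershell
# Added example: snapshot the GlobalProtect registry values named in the answer
# and diff a configured reference device against a fresh install.
param(
    [Parameter(Mandatory)][ValidateSet('Export', 'Compare')][string]$Mode,
    [string]$Path = '.\gp-snapshot.json',  # hypothetical output file for Export
    [string]$Baseline,                     # snapshot from a fresh, never-connected install
    [string]$Reference                     # snapshot from a device that has already connected
)

$Root    = 'HKLM:\SOFTWARE\Palo Alto Networks\GlobalProtect'
$SubKeys = 'PanSetup', 'Settings'          # the two subkeys the answer points at

function Get-GpSnapshot {
    foreach ($sub in $SubKeys) {
        $base = Join-Path $Root $sub
        if (-not (Test-Path $base)) { continue }
        # The subkey itself plus every key beneath it.
        $keys = @(Get-Item $base) + @(Get-ChildItem $base -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Key   = $key.Name
                    Name  = $name
                    Kind  = $key.GetValueKind($name).ToString()
                    Value = ($key.GetValue($name) -join ',')  # flattens multi-string/binary
                }
            }
        }
    }
}

if ($Mode -eq 'Export') {
    ConvertTo-Json -InputObject @(Get-GpSnapshot) -Depth 3 |
        Set-Content -Path $Path -Encoding UTF8
    return
}

# Compare: emit values that are new or different on the reference device.
$old  = @{}
$base = Get-Content $Baseline -Raw | ConvertFrom-Json
foreach ($r in $base) { $old["$($r.Key)|$($r.Name)"] = $r }
$ref  = Get-Content $Reference -Raw | ConvertFrom-Json
foreach ($r in $ref) {
    $prev = $old["$($r.Key)|$($r.Name)"]
    if ($null -eq $prev) {
        $r | Add-Member -NotePropertyName Status -NotePropertyValue 'Added' -PassThru
    } elseif ($prev.Value -ne $r.Value) {
        $r | Add-Member -NotePropertyName Status -NotePropertyValue 'Changed' -PassThru
    }
}
```

Run it with `-Mode Export` on each machine, then with `-Mode Compare -Baseline <fresh> -Reference <connected>`; the rows it returns are the candidate values to test in an SCCM pre-deployment, and which of them your environment actually needs still has to be confirmed by testing.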

 


L1 Bithead

Thank you very much. With this you are confirming that it is indeed possible and that this is managed by the registry keys like the rest of the options. I am going to have to start researching backwards. I believe there is still some work in documentation required by Palo Alto on this subject.
