+6Hi,
I am trying to add 2 Portals for Global Protect VPN with a script, but it only shows 1 portal even-though I added the 2do Portal to the script. Is there any other way I can achieve this? or is there is anyone out there using a script to add 2 portals, thank you. if you can be very specific on how to do this please, thank you.
+25@Deku91 This is a modified version of the PAN supplied script that should create a GlobalProtect configuration .plist with multiple portals:
#!/bin/bash
## Description: Checks for global preferences file and populates
## it with the default portal if needed.
## Body ###########################################################
## Declare Variables ##############################################
# Get current Console user
active_user=$( stat -f "%Su" /dev/console )
# Global Prefs File
gPrefs=/Library/Preferences/com.paloaltonetworks.GlobalProtect.settings.plist
## Logic ##########################################################
# Check to see if the global preference file already exists...
if [[ -e $gPrefs ]]; then
echo "Default global portal already exists. Skipping."
else
echo "Setting default global portal to: your.portal.here.com"
# If it does not already exist, create it and populate the
default portal using the echo command
echo '<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Palo Alto Networks</key>
<dict>
<key>GlobalProtect</key>
<dict>
<key>PanSetup</key>
<dict>
<key>Portal</key>
<array>
<string>first.portal.here.com</string>
<string>second.portal.here.com</string>
</array>
<key>Prelogon</key>
<string>0</string>
</dict>
<key>Settings</key>
<dict>
<key>connect-method</key>
<string>on-demand</string>
</dict>
</dict>
</dict>
</dict>
</plist>
' > $gPrefs
echo $?
# Kill the Preference caching daemon to prevent it from overwriting any changes
killall cfprefsd
echo $?
fi
# Check exit code.
exit $?
+6@Deku91 This is a modified version of the PAN supplied script that should create a GlobalProtect configuration .plist with multiple portals:
#!/bin/bash
## Description: Checks for global preferences file and populates
## it with the default portal if needed.
## Body ###########################################################
## Declare Variables ##############################################
# Get current Console user
active_user=$( stat -f "%Su" /dev/console )
# Global Prefs File
gPrefs=/Library/Preferences/com.paloaltonetworks.GlobalProtect.settings.plist
## Logic ##########################################################
# Check to see if the global preference file already exists...
if [[ -e $gPrefs ]]; then
echo "Default global portal already exists. Skipping."
else
echo "Setting default global portal to: your.portal.here.com"
# If it does not already exist, create it and populate the
default portal using the echo command
echo '<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Palo Alto Networks</key>
<dict>
<key>GlobalProtect</key>
<dict>
<key>PanSetup</key>
<dict>
<key>Portal</key>
<array>
<string>first.portal.here.com</string>
<string>second.portal.here.com</string>
</array>
<key>Prelogon</key>
<string>0</string>
</dict>
<key>Settings</key>
<dict>
<key>connect-method</key>
<string>on-demand</string>
</dict>
</dict>
</dict>
</dict>
</plist>
' > $gPrefs
echo $?
# Kill the Preference caching daemon to prevent it from overwriting any changes
killall cfprefsd
echo $?
fi
# Check exit code.
exit $?
Hi, I just try but didn't work, I am using a .PLIST that I found and is working with no issues, thank you.
+25Hi, I just try but didn't work, I am using a .PLIST that I found and is working with no issues, thank you.
@Deku91 I'm glad you found something that's working. If possible please post the .plist you found that's working to close the loop on this question.
+6Hello, I am kind of new to Jamf Pro, but trying my best to improve my Organization, here are the steps I did to make GlobalProtect Work with more than 1 portal, if you one only have 1 Portal, you can delete the 2nd Portal String
Instructions:
1.- Upload your GP.pkg
2.- Create a policy with your GP.PKG and include an Update Inventory as Maintenance (Don't Scope it yet)
3.- Create a Configuration Profile:
Preference Domain: com.paloaltonetworks.GlobalProtect.Client
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PanPortalList</key>
<array>
<string>YOUR.PORTAL</string>
<string>YOUR.PORTAL</string>
</array>
</dict>
</plist>
4.- Create 2 Smart Groups:
A.- Name: Global Protect V6
* Application Title is GlobalProtect.app
* Application Version is 6.1.1-5
* Application Version is 6.1.1-6
B.- Name: GlobalProtect Not Installed
* Application Title Does not have GlobalProtect.app
5.- Go Back to the Configuration Profile and click on Scope:
A.- Target: Global Protect V6
B.- Exclusions: GlobalProtect Not Installed
6.- Go to your "GlobalProtect Policie"
A.- Scope to the computers you want to install
B.- Recurring Check-in
C.- Execution Frequency: Once per computer
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.