Global Protect V6 Multiple Portals

Deku91
New Contributor III

Hi,

I am trying to add 2 portals for Global Protect VPN with a script, but it only shows 1 portal even though I added the 2nd portal to the script. Is there any other way I can achieve this? Or is there anyone out there using a script to add 2 portals? Thank you. If you can be very specific on how to do this please, thank you.


sdagley
Esteemed Contributor II

@Deku91 This is a modified version of the PAN supplied script that should create a GlobalProtect configuration .plist with multiple portals:

 

#!/bin/bash

## Description: Checks for global preferences file and populates
## it with the default portal if needed.
## Body ###########################################################
## Declare Variables ##############################################

# Get current Console user
active_user=$( stat -f "%Su" /dev/console )

# Global Prefs File
gPrefs=/Library/Preferences/com.paloaltonetworks.GlobalProtect.settings.plist

## Logic ##########################################################
# Check to see if the global preference file already exists...
if [[ -e $gPrefs ]]; then
 echo "Default global portal already exists. Skipping."
else
 echo "Setting default global portal to: your.portal.here.com"
     # If it does not already exist, create it and populate the
     # default portal using the echo command
       echo '<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Palo Alto Networks</key>
    <dict>
        <key>GlobalProtect</key>
        <dict>
            <key>PanSetup</key>
            <dict>
                <key>Portal</key>
                	<array>
                		<string>first.portal.here.com</string>
                		<string>second.portal.here.com</string>
                	</array>
                <key>Prelogon</key>
                <string>0</string>
            </dict>
            <key>Settings</key>
            <dict>
                <key>connect-method</key>
                <string>on-demand</string>
            </dict>
        </dict>
    </dict>
</dict>
</plist>
' > $gPrefs
echo $?

  # Kill the Preference caching daemon to prevent it from overwriting any changes
 killall cfprefsd
 echo $?
fi

# Check exit code.
exit $?

 

Deku91
New Contributor III

Hi, I just tried it but it didn't work. I am using a .plist that I found and it is working with no issues, thank you.

sdagley
Esteemed Contributor II

@Deku91 I'm glad you found something that's working. If possible please post the .plist you found that's working to close the loop on this question.

Deku91
New Contributor III

Hello, I am kind of new to Jamf Pro, but trying my best to improve my organization. Here are the steps I did to make GlobalProtect work with more than 1 portal. If you only have 1 portal, you can delete the 2nd portal string.

Instructions:

1.- Upload your GP.pkg

2.- Create a policy with your GP.PKG and include an Update Inventory as Maintenance (Don't Scope it yet)

3.- Create a Configuration Profile:

Preference Domain: com.paloaltonetworks.GlobalProtect.Client

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PanPortalList</key>
<array>
<string>YOUR.PORTAL</string>
<string>YOUR.PORTAL</string>
</array>
</dict>
</plist>

4.- Create 2 Smart Groups: 
      A.- Name: Global Protect V6
            * Application Title is GlobalProtect.app
            * Application Version is 6.1.1-5 
            * Application Version is 6.1.1-6

      B.- Name: GlobalProtect Not Installed
            * Application Title Does not have GlobalProtect.app

5.- Go Back to the Configuration Profile and click on Scope:

      A.- Target: Global Protect V6

      B.- Exclusions: GlobalProtect Not Installed

6.- Go to your "GlobalProtect Policy"

      A.- Scope to the computers you want to install

      B.- Recurring Check-in

      C.- Execution Frequency: Once per computer
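
An added example, not part of any post in this thread and not PAN or Jamf code: a Python check that builds the PanPortalList payload shown in the last post and rejects entries that are not bare hostnames before the profile is uploaded, since a mistyped portal sends VPN clients to the wrong endpoint. The hostnames are constructed samples, the function names are hypothetical, and treating each portal as a bare FQDN (no scheme, port or path) is an assumption.

```python
import plistlib
import re

# Preference domain and key as given in the last post of the thread.
DOMAIN = "com.paloaltonetworks.GlobalProtect.Client"
KEY = "PanPortalList"

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def check_portal(name):
    """Return the normalized portal hostname or raise ValueError."""
    if not isinstance(name, str):
        raise ValueError(f"portal must be a string: {name!r}")
    host = name.strip().lower().rstrip(".")
    if not host or len(host) > 253:
        raise ValueError(f"empty or over-long portal: {name!r}")
    labels = host.split(".")
    # Assumption: a portal is a bare FQDN, so "https://..." or "host:443" fails.
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        raise ValueError(f"not a bare FQDN: {name!r}")
    return host


def build_portal_plist(portals):
    """Validate, de-duplicate (keeping order) and serialize the portal list."""
    seen = []
    for portal in portals:
        host = check_portal(portal)
        if host not in seen:
            seen.append(host)
    if not seen:
        raise ValueError("at least one portal is required")
    return plistlib.dumps({KEY: seen}, fmt=plistlib.FMT_XML)


def read_portals(plist_bytes):
    """Parse an existing payload and re-validate every entry."""
    data = plistlib.loads(plist_bytes)
    value = data.get(KEY) if isinstance(data, dict) else None
    if not isinstance(value, list):
        raise ValueError(f"{KEY} must be an <array> of <string> entries")
    return [check_portal(item) for item in value]


if __name__ == "__main__":
    # Constructed sample hostnames, not real portals.
    payload = build_portal_plist(["vpn1.example.com", "VPN2.example.com ", "vpn1.example.com"])
    print(payload.decode())
    print(DOMAIN, read_portals(payload))
```
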