Professional Documents
Culture Documents
To install GlobalProtect for IoT on Raspbian devices, complete the following steps.
GlobalProtect for IoT for Raspbian and Ubuntu supports an Arm-based architecture only.
1. From the Support Site, select and download the GlobalProtect package for your OS.
<version>
.deb
command.
3. Configure the VPN settings you want to predeploy for Raspbian IoT devices.
1. In the
client-cert
path, import the certificate in pcks12 format and save the file with a .pfx extension (for example,
pan_client_cert.pfx
).
2. In the
client-cert-passphrase
path, save the passcode file with .dat extension (for example,
pan_client_cert_passcode.dat
)
3. In the
log-path-service
path, if you are not using the default path for PanGPS (for example,
/opt/paloaltonetworks/globalprotect
log-setting
path folder has the same privilege as the globalprotect folder under
opt/paloaltonetworks
4. Create the
/opt/paloaltonetworks/globalprotect/pangps.xml
pre-deployment configuration file in the following format and edit the IP address of the GlobalProtect portal, and authentication settings, either: username and
password, or client certificate path (
client-cert-path
client-cert-passphrase
). You can also specify an optional folder in which to store GlobalProtect service (
log-path-service
) and agent (
log-path-agent
) logs.
<?xml version="1.0" encoding="UTF-8"?>
<GlobalProtect>
<PanSetup>
<Portal>192.168.1.160</Portal> //pre-deployed portal address
</PanSetup>
<PanGPS>
</PanGPS>
<Settings>
<portal-timeout>5</portal-timeout>
<connect-timeout>5</connect-timeout>
<receive-timeout>30</receive-timeout>
<os-type>IoT</os-type> //pre-deployed OS type for IoT. If this tag does not present, GP will automatic detect the OS type.
<head-less>yes</head-less> //pre-deployed head-less mode
<username>abc</username> //optional pre-deployed username
<password>xyz</password> //optional pre-deployed password
<client-cert-path>cli_cert_path</client-cert-path> //optional pre-deployed client certificate file(p12) path
<client-cert-passphrase>cli_cert_passphrase_path< /client-cert-passphrase> //optional pre-deployed client certificate passphrase file path
<log-path-service>/tmp/gps</log-path-service> //optional pre-deployed log folder for PanGPS
<log-path-agent>/tmp/gpa</log-path-agent> //optional pre-deployed log folder for PanGPA and globalprotect CLI
</Settings>
</GlobalProtect>
4. Restart the GlobalProtect process for the pre-deployment configuration to take effect.
5. After you deploy the IoT device, you can collect logs as needed using the
globalprotect collect-log
command.
user@raspbianhost:~/Desktop/data$ globalprotect collect-log
The support file is saved to /home/gptest/.GlobalProtect/GlobalProtectLogs.tgz
6. (
Optional
) If the authentication method is a is combination of username/password and client certificate authentication, make sure that the
CommonName