GP-100
3. Connect the Ethernet cable to the MGT port (Figure 1) and the
power cable into the rear of the appliance.
4. Verify LEDs (Figure 2).
   1. System health
      Green: Healthy
      Red: System error
   2. HDD activity
      Blinks green to indicate activity
   3. LAN activity
      Blinks green to indicate activity
   4. Power
      Green: System is powered on
   5. Disk drive
      Top: Blinks green to indicate activity
      Bottom: Green indicates disk healthy
      Red indicates disk failure
[Figures 1 and 2: images not reproduced. Labels recovered: MGT; Internet; Management Network; 1, 2, 3; Device Check-in / GlobalProtect Gateway HIP Retrieval; GP-100]
Set up Enrollment
1. Enable user authentication (LDAP, RADIUS, and Kerberos are supported).
a. Create the server profile for connecting to the authenticating service (Setup > Server Profiles).
b. Create an authentication profile and attach the server profile (Setup > Authentication Profile).
c. Use the authentication profile for enrollment (Setup > Settings > Server > Authentication Settings).
2. Set up identity certificate generation.
Note: You can use an existing SCEP server to issue identity certificates for your iOS devices.
a. To create a root CA certificate for signing identity certificates, select Setup > Certificate
Management > Certificates > Device Certificates and click Generate.
b. Enter a Certificate Name, such as GP-100_CA. The certificate name cannot contain any spaces.
c. Do not select a value in the Signed By field (this is what indicates that it is self-signed).
d. Select the Certificate Authority check box and then Generate the certificate.
3. Configure the enrollment settings.
a. Select Setup > Settings > Server and then edit the Enrollment Settings to configure the Host
Name of the device check-in interface (FQDN or IP address; it must match the value in the CN
field of the server certificate you imported in Section 2 Step 3).
b. Enter the Organization Name to display on the device profiles.
c. Enter a Consent Message that lets users know that they are enrolling in device management.
d. Select the Certificate Authority you configured for issuing identity certificates.
e. Commit the changes.
4. On the firewall hosting the GlobalProtect portal, perform the following steps to add the
GP-100 appliance address to push to the mobile devices in the client configuration.
a. Select Network > GlobalProtect > Portals and select the portal configuration to modify.
b. On the Client Configuration tab, select or add the client configuration.
c. In the Mobile Security Manager field, enter the IP address or FQDN of the device check-in
interface (must match the enrollment host name configured in Step 3a).
d. Commit the changes on the GlobalProtect portal.
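The enrollment steps above depend on three values agreeing: the CN of the server certificate, the enrollment Host Name (Step 3a), and the Mobile Security Manager field on the portal (Step 4c). The following pre-commit check is an added example, not part of the original guide or of any Palo Alto Networks tooling. The function names and sample values are constructed, and treating host names as case-insensitive is an assumption.

```python
import ipaddress

def normalize_host(value):
    """Canonical form of an FQDN or IP address, for comparison only."""
    value = value.strip()
    try:
        return str(ipaddress.ip_address(value))  # also compresses IPv6 text
    except ValueError:
        # Assumption: names compare case-insensitively, trailing dot ignored.
        return value.rstrip(".").lower()

def cert_common_name(cert):
    """Subject CN from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    for rdn in cert.get("subject", ()):
        for key, val in rdn:
            if key == "commonName":
                return val
    return None

def check_enrollment(cert, enrollment_host, portal_msm_field, ca_cert_name):
    """Return a list of problems; an empty list means the settings agree."""
    problems = []
    cn = cert_common_name(cert)
    if cn is None:
        problems.append("server certificate has no CN")
    elif normalize_host(cn) != normalize_host(enrollment_host):
        problems.append(
            f"Step 3a: Host Name {enrollment_host!r} does not match CN {cn!r}")
    if normalize_host(portal_msm_field) != normalize_host(enrollment_host):
        problems.append(
            f"Step 4c: portal value {portal_msm_field!r} does not match "
            f"enrollment Host Name {enrollment_host!r}")
    if any(ch.isspace() for ch in ca_cert_name):
        problems.append(f"Step 2b: certificate name {ca_cert_name!r} contains spaces")
    return problems

# Constructed sample certificate subject (not taken from a real appliance).
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "mdm.example.com"),)),
}

if __name__ == "__main__":
    for line in check_enrollment(SAMPLE_CERT, "10.0.0.5",
                                 "mdm.example.com", "GP-100 CA"):
        print("MISMATCH:", line)
```
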
Set up Policies
1. Create iOS and Android configurations (Policies > Configuration), and provisioning profiles (iOS
only) to push to managed devices.
2. Create policies by defining the match criteria and attaching the configurations/profiles (Policies >
Policies).
Next Steps
* Schedule daily device state backups for recovery from misconfiguration or server failure (Setup >
Scheduled Backup Export).
* Define HIP objects and HIP profiles for use in device policy deployment (Policies > HIP Object).
* On the firewall hosting the GlobalProtect gateway, set up access to the GP-100 appliance for HIP
report retrieval for mobile devices (Network > GlobalProtect > MDM).
* Integrate with your firewall's security policy.
For detailed instructions, refer to the GlobalProtect Administrator's Guide.