Payload PaloAlto Global Protect App-Level

Tino Rosenow

Hallo zusammen,

wir versuchen mittels der GlobalProtect-App einen APP-Level VPN Tunnel aufzubauen und scheitern an der Konfiguration. Das VPN benutzt das GP-Plugin, für den Tunnel, jedoch bekommen wir kein konfiguriertes Payload für die GP-App hin. Leider sind in der PaloAlto Dokumentation "Third-Party MDMs" nicht hinreichend erläutert.

Hat jemand Erfahrung mit der Konfiguration der GlobalProtect-App mittels Payload ? (anbei eine Beispiel-App-Level Payload von PaloAlto)

<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 
<plist version="1.0"> 
	<dict> 
		<key>PayloadContent</key> 
		<array> 
			<dict> 
				<key>PayloadDescription</key> 
					<string>Configures VPN settings, including authentication.</string> 
				<key>PayloadDisplayName</key> 
					<string>VPN (Sample App Level VPN)</string> 
				<key>PayloadIdentifier</key> 
					<string>Sample App Level VPN.vpn</string> 
				<key>PayloadOrganization</key> 
					<string>Palo Alto Networks</string> 
				<key>PayloadType</key> 
					<string>com.apple.vpn.managed.applayer</string> 
				<key>PayloadVersion</key> 
					<integer>1</integer> 
				<key>VPNUUID</key> 
					<string>cGFuU2FtcGxlIEFwcCBMZXZlbCBWUE52cG5TYW1wbGUgQXBwIExldmVsIFZQTg==</string> 
				<key>SafariDomains</key> 
					<array> 
						<string>*.paloaltonetworks.com</string> 
					</array> 
				<key>PayloadUUID</key> 
					<string>54370008-205f-7c59-0000-01a1</string> 
				<key>UserDefinedName</key> 
					<string>Sample App Level VPN</string> 
				<key>Proxies</key> 
				<dict/> 
				<key>VPNType</key> 
					<string>VPN</string> 
				<key>VPNSubType</key> 
					<string>com.paloaltonetworks.GlobalProtect.vpnplugin</string> 
				<key>IPv4</key> 
				<dict> 
				<key>OverridePrimary</key> 
					<integer>0</integer> 
				</dict> 
				<key>VPN</key> 
				<dict>
				<key>RemoteAddress</key> 
					<string>gp.paloaltonetworks.com</string> /// Portal GlobalProtect - FQDN VPN-Verbindungspunkt
				<key>AuthName</key> 
						<string></string>                /// Portal Auth-User - Portal-Username
				<key>AuthenticationMethod</key> 
						<string>password</string>        ///  Portal Auth-Type - Portal Authentication Typ (Passwort oder Zertifikat)
				<key>OnDemandMatchAppEnabled</key> 
					<integer>1</integer> 
				<key>OnDemandEnabled</key> 
					<integer>1</integer> 
				<key>DisconnectOnIdle</key> 
					<integer>0</integer> 
				</dict> 
				<key>VendorConfig</key> 
				<dict> 
				<key>OnlyAppLevel</key> 
					<integer>1</integer> 
				<key>AllowPortalProfile</key> 
					<integer>0</integer> 
				<key>FromAspen</key> 
					<integer>1</integer> 
				</dict> 
			</dict> 
		</array> 
		<key>PayloadDisplayName</key> 
			<string>Sample App Level VPN</string> 
		<key>PayloadOrganization</key> 
			<string>Palo Alto Networks</string> 
		<key>PayloadDescription</key> 
			<string>Profile Description</string> 
		<key>PayloadIdentifier</key> 
			<string>Sample App Level VPN</string> 
		<key>PayloadType</key> 
			<string>Configuration</string> 
		<key>PayloadVersion</key> 
			<integer>1</integer> 
		<key>PayloadUUID</key> 
			<string>5436fc94-205f-7c59-0000-011c</string> 
		<key>PayloadRemovalDisallowed</key> 
			<false/> 
	</dict> 
</plist> ```