Configuring Palo Alto GlobalConnect for Android Devices
  • 23 Sep 2023
  • 2 Minutes to read
  • PDF

Configuring Palo Alto GlobalConnect for Android Devices

  • PDF

Article summary

Scalefusion and Android for Work make it easy for you to configure Palo Alto VPN on your managed Android devices. Follow the guide below to configure Palo Alto.

Before you Begin

  1. Complete Android for Work Setup in Scalefusion Dashboard.
  2. Enroll your corporate-owned devices using afw#mobilock
  3. Invite your Employees to enroll their personal devices.
The following feature works only for devices enrolled via afw#mobilock and where Scalefusion application is set as a Device Owner or employee-owned devices where Scalefusion creates a Work Profile. It will not work if you are using legacy methods to enroll the devices.

Search and Approve GlobalConnect

The first step is to search and approve GlobalConnect for your organization. The steps are,

  1. Sign In Scalefusion Dashboard.
  2. Navigate to Application Management > Play For Work Apps
  3. Click on the SEARCH & ADD button to see the Google Play dialog.
  4. In the Google Play dialog, search for Palo Alto's GlobalProtect,
  5. Click on the GlobalConnect app and select Approve
  6. Follow the onscreen instructions to approve the application. Click Done to close the dialog, and now the app starts appearing on the Scalefusion Dashboard.

Configuring GlobalConnect Settings

Once you have the GlobalConnect app, the next step is to configure the application. The steps are,

  1. Click on the GlobalConnect application to see the details card.
  2. Click on the App Configurations tab and click CREATE to see the configuration options.
  3. GlobalConnect gives you the following configuration options,
PortalThe portal address or the server URL of the GlobalConnect VPN server.
UsernameThe username to be used or blank. You can use custom properties for a dynamic configuration, like $device.<customproperty> or $
PasswordOptional field to specify the password for the VPN connection.
Client CertificateThe client certificate is to be used for logging in to Portal.
Client Certificate PassphraseThe passphrase for the client certificate is if the certificate is passphrase protected.
AppListComma-separated list of apps that need to be blocked or allowed for VPN.
Connection MethodThe VPN Connection method to be used.
Remove VPN Configuration FlagFlag to remove VPN configuration. Set this flag to true to remove the VPN configuration
Mobile IDA unique identifier for the device. You can use the $device.customproperty.
Allow Network BypassChoose if you want to allow the VPN to be bypassed by applications.
Cert AliasThe Alias of the client certificate, if any.

    4. Once you have entered the values, click on SAVE to save the configuration. All the saved configurations appear in the list.

Publishing the Application and Configuration

Once you have created the configuration, the next step is to publish the application and then the configuration. The steps are,

  1. From the App Details card, click on the App Information tab and click on PUBLISH
  2. Select the Android Device Groups/Profiles/Devices where you want to publish the application and click PUBLISH
  3. Now click on the App Configuration tab. Click on the Publish icon.
  4. Select the Android Device Groups/Profiles/Devices where you have published the application in Step 3, and click PUBLISH
  5. This will cause the applications to be installed on the devices and then configured based on the configuration.
Please contact your VPN Service provider in case you need details on how to use a particular setting and the accepted values.

Was this article helpful?