Globalprotect Client Command Line

Posted on  by

GlobalProtect is the name of the virtual private network (VPN) provided by the Palo Alto Networks firewalls. Are you going to work remotely for a company that requires you to use this VPN? Here’s how to install the necessary software and connect on openSUSE Leap and Tumbleweed and also on Linux Kamarada (a novel Linux distro based on openSUSE Leap).

GlobalProtect client is a lower version than the VPN server; The C: Windows Temp postupdt.bat file does not exist which is should not if an update has not been run recently. Create C: Windows Temp postupdt.bat with the following contents. The first line should be the arbitrary command to execute. So in my case, MTU on GlobalProtect client interface was set too high for TMobile Home Internet. This is how I found out the issue: Step 1: Run terminal command ifconfig grep mtu. It shows me all my network interfaces with their respective MTU’s limitation. En0: Mac LAN/WIFI Adapter, Default set to 1500. Issue: Duo Prompt is Blank. When you hit Connect, you can sign in with your NetID and password, but the Duo prompt appears to be blank. This issue applies to Windows 10 users who have the GlobalProtect VPN client installed on their machine. GlobalProtect uses Internet Explorer 11 to pull up a login screen using JavaScript. Globalprotect Client For Mac Command Line Average ratng: 9,7/10 9597 reviews To uninstall the GlobalProtect agent from your device, install the Uninstall. On a Mac device by running the following command from the command line.

VPNs are used by organizations (such as companies and universities) to allow people (employees and students) to remotely connect to their networks. A VPN provides an encrypted connection (a tunnel) between your home computer and the organization network. If you want to know more about VPNs, read the beginning of this post:

On that occasion, we talked about OpenVPN, another VPN technology.

Today, we are going to talk about GlobalProtect.

Linux users have two options for connecting to GlobalProtect VPNs:

  1. the OpenConnect client, which is a free software, thus provided by the Linux distributions themselves; or
  2. the official (proprietary) GlobalProtect client, provided by Palo Alto Networks.

I advance that I was not able to make the official client work on openSUSE. So, I mention it here just to let you know that it exists.

Option #1: OpenConnect client

OpenConnect is a VPN client initially created to support Cisco’s AnyConnect VPN. It has since been ported to support the Pulse Connect Secure VPN and the PAN GlobalProtect VPN. Support for the latter came with version 8.00, released on January 4, 2019.

Installation

openSUSE Tumbleweed, the rolling release version of openSUSE, has OpenConnect version 8.05 available on its official repositories. If you use this distribution, to install OpenConnect, you just need to run:

Globalprotect vpn client command line

openSUSE Leap 15.1, the (traditional) regular release version of openSUSE, offers OpenConnect version 7.08 on its official repositories.

That is the same version that comes installed out-of-the-box on Linux Kamarada 15.1.

If you are an user of either of these distros, you need to update OpenConnect to version 8.05, which can be retrieved from the network repository. To do this, first add the network repo:

Then, install the OpenConnect package (explicitly stating that you want to download it from the network repo):

Up-to-date OpenConnect installed, everyone on the same page, let’s see how to use it.

Connection

To connect to a GlobalProtect VPN, have the following information ready:

  • GlobalProtect server, you need either its IP address or its full qualified domain name (FQDN);
  • user name (login); and
  • user password.

If you don’t know them, ask your organization’s network administrator or IT staff.

Open a terminal window (reserve a terminal window just for connecting) and run the following command, making the appropriate replacements:

Type the administrator (root user) password and hit Enter:

Then, when prompted, enter your user password to access the VPN:

Connection is established and the IP address you obtained from the VPN is informed:

Globalprotect

Globalprotect Client Command Line Tutorial

In this example, 10.22.4.171.

The OpenConnect command does not end immediately. Instead, it runs indefinitely. You remain connected to the VPN as long as you keep that program running (that’s why I advised to reserve a terminal window just for it).

During this time, you can access the organization’s internal systems from your home computer as if you were there (phisically speaking).

When you no longer need the VPN and want to disconnect, press Ctrl + C to stop OpenConnect (and close the connection):

Line

Option #2: GlobalProtect official client

Globalprotect Client Command Line Download

Palo Alto Networks provides a GlobalProtect app for Linux in two versions: a command line interface (CLI) version and a graphical user interface (GUI) version. Ideally, the package or installer should be provided to you by the organization’s network administrator or IT staff.

Unfortunately, there are organizations that do not support Linux. Searching the Internet, I found a link to download the GlobalProtect app on this page of the Kansas State University:

Also unfortunately, I was unable to make it work on Linux Kamarada 15.1, neither the CLI version, nor the GUI version. The GlobalProtect compatibility matrix shows that the Linux distributions officially supported by Palo Alto Networks are CentOS, Red Hat Enterprise Linux (RHEL) and Ubuntu. openSUSE distributions are not officially supported.

Globalprotect Vpn Client Command Line

References

  • Como se conectar a uma VPN Global Protector no Linux - Blog do Edivaldo (in Portuguese)
  • Openconnect - Conexão de VPN Paloalto no Debian - Artigo - Viva o Linux (in Portuguese)