Starting February 24, 2017, all VPN connections must go through the Palo Alto GlobalProtect VPN portal.



Requirements


As of GlobalProtect version 5.1, a new User Interface is supported on certain operating systems/versions. Please make sure you are running one of the compatible distributions below, and check the operating system version to determine if it supports the GlobalProtect UI or if it is CLI only.

Compatibility as of July 2, 2020:

Ubuntu

  • Ubuntu 20.04 (CLI-based GlobalProtect app only)
  • Ubuntu 19.04 (CLI-based GlobalProtect app only)
  • Ubuntu 18.04.3 LTS
  • Ubuntu 18.04.2 LTS
  • Ubuntu 18.04.1 LTS (CLI-based GlobalProtect app only)
  • Ubuntu 18.04 LTS (Only Ubuntu 18.04.3 LTS and Ubuntu 18.04.2 LTS support the GUI-based version of the GlobalProtect app for Linux)
  • Ubuntu 16.04 (CLI-based GlobalProtect app only)


Red Hat Enterprise Linux

  • Red Hat Enterprise Linux 7.7
  • Red Hat Enterprise Linux 7.6 (CLI-based GlobalProtect app only)
  • Red Hat Enterprise Linux 7.5 (CLI-based GlobalProtect app only)
  • Red Hat Enterprise Linux 7.4 (CLI-based GlobalProtect app only)
  • Red Hat Enterprise Linux 7.3 (CLI-based GlobalProtect app only)
  • Red Hat Enterprise Linux 7.2 (CLI-based GlobalProtect app only)
  • Red Hat Enterprise Linux 7.1 (CLI-based GlobalProtect app only)
  • Red Hat Enterprise Linux 7.0 (CLI-based GlobalProtect app only)
  • Red Hat Enterprise Linux 6.9 (CLI-based GlobalProtect app only)
  • Red Hat Enterprise Linux 6.8 (CLI-based GlobalProtect app only)


CentOS

  • CentOS 7.7 (CLI-based GlobalProtect app only)
  • CentOS 7.6
  • CentOS 7.5 (CLI-based GlobalProtect app only)
  • CentOS 7.4 (CLI-based GlobalProtect app only)
  • CentOS 7.3 (CLI-based GlobalProtect app only)
  • CentOS 7.2 (CLI-based GlobalProtect app only)
  • CentOS 7.1 (CLI-based GlobalProtect app only)
  • CentOS 7.0


To install the Linux GlobalProtect client:

  1. Download the client install file from here:
    https://www.dropbox.com/s/faoqbkr4p78yl1t/PanGPLinux-5.1.4-c9.tgz?dl=1

    or you can use a wget command:

    wget https://www.dropbox.com/s/faoqbkr4p78yl1t/PanGPLinux-5.1.4-c9.tgz


  2. Unzip the file.  Example:

     

    tar -xvf ~/pkgs/PanGPLinux-5.0.8-c6.tgz

     

  3. Once unzipped you should see installation packages for Ubuntu (DEB), CentOS (RPM), and Red Hat as well as the scripts to install and uninstall the packages.  You should see two versions for each flavor of Linux, one of which is the CLI version of GlobalProtect and the other is the UI version (will contain "UI" in the file name).

  4. Install the CLI or the UI version of the app package using either:

    sudo dpkg -i <gp-app-pkg>

     

    or

     

    sudo apt-get install <gp-app-pkg>

     

    Where <gp-app-pkg> is the name of your distribution package for your Linux version.

  5. (Optional) Change CLI modes - You can run commands in either command-line or prompt mode. Command-line mode requires you to specify the full GlobalProtect command. Prompt mode requires you to specify only the command (without the app name) and displays more detailed output than command-line mode.

    To switch to prompt mode, enter globalprotect without any arguments

    To exit prompt mode, enter quit


  6. (Optional) You can view the help information for GlobalProtect by entering help while in Prompt Mode or globalprotect help while in Command-Line Mode.

Note: The GlobalProtect app for Linux installs to the
/opt/paloaltonetworks/globalprotect
directory. After GlobalProtect first runs, the app also creates a GlobalProtect user folder
$HOME/.globalprotect
to save user registry configuration and other CLI related settings.



To use the Linux GlobalProtect:

The following commands are displayed in Command-Line mode.  To run the same commands in Prompt Mod, enter it without the globalprotect prefix.

Connect to the ATU GlobalProtect portal:

Configuring the portal is the first step in client configuration.

 

globalprotect connect --portal vpn.atu.edu

 

Note: You can also specify a username in the command using the
--username
<username>
option. The GlobalProtect app prompts you to authenticate and, if you specified the username option, confirm your username.


Connect to an ATU Gateway to establish the VPN connection:

The VPN must terminate to a gateway to be connected.

  1. (Optional) Display the gateways you have permission to connect to.  Most users at Arkansas Tech University will only have access to the default VPN gateway but, if you've been granted access to other gateways in order to reach more secured network resources, you may see them here.

    globalprotect show --manual-gateway

     

  2. Connect to a gateway

     

    globalprotect connect --gateway <gp-gateway>

     
    Where <gp-gateway> is the IP address or name of the gateway.

  3. You should now be connected to the VPN.. you can verify connection status using:

     

    globalprotect show --details

     

View details about your VPN connection:

You can view the details about your active VPN connection including the Gateway information and IP addresses


globalprotect show --status

 


Rediscover the network:

Rediscovering the network while connected will disconnect and reconnect GlobalProtect.

 

globalprotect rediscover-network

 


Clear the credentials for the current user:


The following command will clear the credentials for the current user.  After confirming, GlobalProtect will clear the credentials, disconnects the VPN connection, and then requires you to enter your credentials the next time you attempt to connect.

 

globalprotect remove-user

 


View any GlobalProtect notifications:


The following command will dispaly any notifications from the GlobalProtect app.


globalprotect show --notifcation