Starting February 24, 2017, all VPN connections must go through the Palo Alto GlobalProtect VPN portal.


 

To install the Linux GlobalProtect client:

  1. Download the client install file attached to the bottom of this support article.
  2. Unzip the file.  Example:

     

    tar -xvf ~/pkgs/PanGPLinux-5.0.8-c6.tgz

     

  3. Once unzipped you should see installation packages for Ubuntu (DEB), CentOS (RPM), and Red Hat as well as the scripts to install and uninstall the packages.
  4. Install the app package using either:

    sudo dpkg -i <gp-app-pkg>

     

    or

     

    sudo apt-get install <gp-app-pkg>

     

    Where <gp-app-pkg> is the name of your distribution package for your Linux version.
  5. (Optional) Change CLI modes - You can run commands in either command-line or prompt mode. Command-line mode requires you to specify the full GlobalProtect command. Prompt mode requires you to specify only the command (without the app name) and displays more detailed output than command-line mode.

    To switch to prompt mode, enter globalprotect without any arguments

    To exit prompt mode, enter quit
  6. (Optional) You can view the help information for GlobalProtect by entering help while in Prompt Mode or globalprotect help while in Command-Line Mode.

Note: The GlobalProtect app for Linux installs to the
/opt/paloaltonetworks/globalprotect
directory. After GlobalProtect first runs, the app also creates a GlobalProtect user folder
$HOME/.globalprotect
to save user registry configuration and other CLI related settings.



To use the Linux GlobalProtect:

The following commands are displayed in Command-Line mode.  To run the same commands in Prompt Mod, enter it without the globalprotect prefix.

Connect to the ATU GlobalProtect portal:

Configuring the portal is the first step in client configuration.

 

globalprotect connect --portal vpn.atu.edu

 

Note: You can also specify a username in the command using the
--username
<username>
option. The GlobalProtect app prompts you to authenticate and, if you specified the username option, confirm your username.


Connect to an ATU Gateway to establish the VPN connection:

The VPN must terminate to a gateway to be connected.

  1. (Optional) Display the gateways you have permission to connect to.  Most users at Arkansas Tech University will only have access to the default VPN gateway but, if you've been granted access to other gateways in order to reach more secured network resources, you may see them here.

    globalprotect show --manual-gateway

     

  2. Connect to a gateway

     

    globalprotect connect --gateway <gp-gateway>

     
    Where <gp-gateway> is the IP address or name of the gateway.

  3. You should now be connected to the VPN.. you can verify connection status using:

     

    globalprotect show --details

     

View details about your VPN connection:

You can view the details about your active VPN connection including the Gateway information and IP addresses


globalprotect show --status

 


Rediscover the network:

Rediscovering the network while connected will disconnect and reconnect GlobalProtect.

 

globalprotect rediscover-network

 


Clear the credentials for the current user:


The following command will clear the credentials for the current user.  After confirming, GlobalProtect will clear the credentials, disconnects the VPN connection, and then requires you to enter your credentials the next time you attempt to connect.

 

globalprotect remove-user

 


View any GlobalProtect notifications:


The following command will dispaly any notifications from the GlobalProtect app.


globalprotect show --notifcation