In a previous post, I outlined some shortcomings with the Palo Alto Networks Firewall “Global Protect” VPN Client. Have a read over the article for some information and a bit of background, but the long and short of it is that the Global Protect client has no native support for the use of multiple profiles/multiple saved connections, and if you are someone like me who is constantly changing between customer Global Protect gateways it’s a right-royal pain in the behind to have to retype your credentials and a hostname into the client all the time.
Oh, and let’s face it, the Global Protect Client isn’t exactly the nicest, prettiest thing to navigate your way around, so it’s even more infuriating when you have to deal with the oddities of the user interface.
In that post, I also released an app which lets you save multiple profiles for Global Protect. This went down well (we use it internally at the office), and I had a bit of feedback from various users that they would love a couple of enhancements (command line switches), as well as for me to chime in on the Palo Alto Networks community forum topics about this subject (here and here).
I’m pleased to say that I’ve just updated this app, and you can download it here:
Scenario: Windows box having the Palo Alto Globalprotect vpn client installed. Is it possible to use commandline or powershell to connect the vpn client to a remote host? I know this is possible with other vpn clients but can't find any documentation for the Palo Alto one.
It also now supports command line arguments. These command line arguments are as follows:
- `-loadprofile <profile name>`: Load a captured profile
- `-stopservice`: Stop the Global Protect Service
- `-startservice`: Start the Global Protect Service
- `-restartservice`: Restart the Global Protect Service
Unfortunately (because I know this question will be asked), I haven’t yet discovered a way to trigger the Global Protect Client to automatically connect once a profile has been loaded. Obviously, if the saved gateway profile that you load is configured as always-on, it will connect automatically. If anyone has a registry key that can ‘force’ always on on the client side, let me know (I just had a thought – it’s probably a registry key that an ‘always-on’ portal configuration enforces via the client when they first connect).
I’ve tested this app on Global Protect Client versions 2.x through to 3.x, and it appears to work on these. The latest 2.x branch I tested was 2.3.3 (from memory), and the latest 3.x branch was 3.0.2-9.
As always, if you have any comments or questions about this app, or any bug reports/feature requests, don’t hesitate to reach out and contact me through the comments below or by sending an email to [email protected]. I get a lot of email, and sometimes I miss them (and I can also be a little slack) – so if I don’t reply first up, maybe send me another “gentle reminder”.