GlobalProtect client pre-/post-connect commands?

Reply
Highlighted
Not applicable

GlobalProtect client pre-/post-connect commands?

Hello,

Do someone know, if i can set pre- or post-connect commands at the GlobalProtect client?

Background:

i want to start a service after a successful VPN connect via DOS command (sc.exe).

thanks

regards

Robert

Tags (1)
L5 Sessionator

Re: GlobalProtect client pre-/post-connect commands?

Good Morning Robert.

We do not have a set of commands as such that we can use in order to connect to a service. Global Protect has the three features of on demand, user logon and pre logon, along with the single sign on feature. The client tries to connect to the portal and the gateway automatically. It uses an algorithm to locate the closet gateway, along with the most preferred one based on the gateway metric. We can also force the client to connect manually to a gateway.

The closest thing that you can come upto is using the "on-demand" feature.

You may want to talk to your SE to see if they can help you with writing a script for connecting to the gateways based on your requirements.

BR,

Karthik RP

Not applicable

Re: GlobalProtect client pre-/post-connect commands?

Good afternnon Karthik,

i don't looking for a fixed defined command list. We are using GlobalProtect with the feature on-demand and i want to start a special program after the successfull vpn logon.

Is it possible to start a script after logon (on-demand mode)?

Who can help me in this case or do documentation/manuals exist, how to write/run a script?

Thanks

robert

L4 Transporter

Re: GlobalProtect client pre-/post-connect commands?

Hi Robert,

There is no documented process for starting a script after successful connection with GlobalProtect.

I was able to find a feature request open to add support for this very feature. Please contact your Account Team and request them to vote on FR ID: 1580 on your behalf.

That said, we do have the DevCenter which is a dedicated place for sharing scripts and tools - you may get some better feedback and ideas.

Perhaps one way to accomplish the same goal, have the batch script monitor an IP address only reachable over GlobalProtect, once ICMP replies are received then run desired command. Although, I am not a Windows guru and there could be unforeseen fallout for such a script.

Cheers,

Stefan

Not applicable

Re: GlobalProtect client pre-/post-connect commands?

Hello Stefan,

Thanks for your answer and help.

This is my first contact with the PaloAlto discussion board and i like it.

cheers

Robert

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!