GlobalProtect - "Refresh Connection" API call via DLL/etc

Reply
AAT
L1 Bithead

GlobalProtect - "Refresh Connection" API call via DLL/etc

Is there an API or any documentation on how to call the GlobalProtect "Refresh Connection" function from external code? I want to be able to call this function from custom external code.  The reason why is to fix a connection issue we are having through automation since we don't want to have to ask users to manually click that option.

 

If no external API call is possible, is there a command-line option to call "Refresh Connection"?

 

Why isn't Global Protect smart enough to call Refresh Connection on its own when an always on VPN connection breaks?  There should be a way to monitor public IP addresses for reachability and automatically refresh the connection if can't access the public IPs...  Our AOVPN breaks frequently when machines go to sleep and wake up, screen is unlocked, etc.

L7 Applicator

Re: GlobalProtect - "Refresh Connection" API call via DLL/etc

@AAT 

No, GP does not provide an API to automate such things. But the problem you are talking about sounds like a bug of GP. Which version do you use right now?

AAT
L1 Bithead

Re: GlobalProtect - "Refresh Connection" API call via DLL/etc

Latest version.  It has been an issue for us for years on every version and never found a resolution.  Opened various tickets with PA, have one opened now.

 

The GP client needs to be smart enough to refresh the connection itself when it detects lack of network connectivty.  I'm trying to write an app in C++ to get-netadapter -interfacedescription "PANGP*" | restart-netadapter via powershell create process call if a certain public IP address can't be reached, but I shouldn't be needing to go to this level.  The client needs to have this bug fixed.  GP needs to automatically repair itself when Windows wakes from sleep on AOVPN connections / etc.

 

 

L7 Applicator

Re: GlobalProtect - "Refresh Connection" API call via DLL/etc

I have 11 open cases about global protect right now :P

One of them is about the issue you mentionned. Just wait a little longer...

AAT
L1 Bithead

Re: GlobalProtect - "Refresh Connection" API call via DLL/etc

I will post back here if we get a solution from Palo Alto, please do the same @vsys_remo 

 

This issue has been on going for years and not acceptable for the software to have such an obvious / easily fixable bug last so long.  We shouldn't have to be writing our own code / hacks to fix Palo Alto's VPN client

 

 

L7 Applicator

Re: GlobalProtect - "Refresh Connection" API call via DLL/etc

--> Global Protect 5.0.2

L7 Applicator

Re: GlobalProtect - "Refresh Connection" API call via DLL/etc


@AAT wrote:

This issue has been on going for years and not acceptable for the software to have such an obvious / easily fixable bug last so long.  We shouldn't have to be writing our own code / hacks to fix Palo Alto's VPN client


@AAT 

Then 5.0.2 will be the first release that is acceptable ;)

L0 Member

Re: GlobalProtect - "Refresh Connection" API call via DLL/etc

Hello,

 

Just want to report that we're also seeing this issue and we're running GP version 5.0.4-16

 

This is not mentioned in any of the "known issues" documentation.

 

-Gerson

L7 Applicator

Re: GlobalProtect - "Refresh Connection" API call via DLL/etc

Hi @mtx-admin 

What exactly is the problem you're seeing? In which situations does it happen exactly? Do you have an always-on config?

L0 Member

Re: GlobalProtect - "Refresh Connection" API call via DLL/etc

@vsys_remo 

 

That's correct. We have always-on VPN. Whenever I or other users work remotely, very randomly some of our services will stop working (Outlook, Internet, etc.)

 

It's like the connection goes "stale" even though we're active on the system. Things come back online after we "Refresh Connection" in the VPN client.

 

We are on GlobalProtect 5.0.5

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!