Globalprotect and Linux

Reply
Highlighted
Not applicable

Globalprotect and Linux

Hi everybody.

Is it possible to use the client GlobalProtect on a Linux operating system?
Is there a "workaround" or some free Linux VPN client that can be used for it?

Thank you very much.

Tags (2)
Not applicable

Re: Globalprotect and Linux

Please, anyone could help me?

Thank you very much.

L6 Presenter

Re: Globalprotect and Linux

I think any IPsec based VPN clientsoftware will work for you if its just the VPN stuff you want.

Globalprotect includes sort of a HIPS aswell (to keep track of which antivirus and db etc the clients are using and based on if they are up2date Globalprotect can let a client in or quarantine it etc) which a regular IPsec VPN software doesnt deal with.

L5 Sessionator

Re: Globalprotect and Linux

At present time there are no Linux IPSec clients that we support. I would recommend checking with your Sales contact to get roadmap information for upcoming support.

L6 Presenter

Re: Globalprotect and Linux

Perhaps not officially support (as in getting help if setting up a support case) but shouldnt they still work in real life because the vpn client in iphone/ipads works aswell as if you setup a vpn-tunnel towards a cisco ASA as described in: ?

I mean as long as it is pure IPsec then it should work, shouldnt it?

Not applicable

Re: Globalprotect and Linux

I feel your pain!  I have reached out to my sales channel for the improvement to incorporate a Linux Global Protect client for two years now and still absolutely NOTHING.  They know that this isn't where they need to support their resources but "come on."  I would be greatly happy for an "unsupported" way of getting any Linux client to work over VPN.  I have about a dozen clients that I would setup a dozen "site-to-site" VPN configurations, if I could figure out the exact way to get it working.   I tried a couple options but troubleshooting the VPN not establishing connection was very difficult.

I'm still waiting for PA to come up with something... good thing I am not holding my breathe.

L1 Bithead

Re: Globalprotect and Linux

It is possible to establish VPN IPsec to GP from Linux. We have used Ubuntu with vpnc (and additionaly GUI network-manager-vpnc).

From Linux side you should use "Compatible with Cisco VPN" option.

Form GP side (soft ver 4.1.6):

GlobalProtect-> Gateway -> General

Tunnel Mode -> Enable IPsec option on and Enable X-auth option on -> Group Name and password

Skip Auth on IKE Rekey option on

GlobalProtect - >Portal -> Client conf -> General

Third party vpn client -> add cisco systems vpn adapter

Not applicable

Re: Globalprotect and Linux

Hi Jacek.

Yes, It is possible, but there is a serious problem with split-tunneling. You can see the discussion in: . Are you using more than one access routes in your configuration?

Thank you.

L1 Bithead

Re: Globalprotect and Linux

Yes, we are using 2 injected routes - they were summarized to network 128.0.0.0 128.0.0.0 :-).

Workaround  - in the vpnc we have  configured to ignore routes sent by PA, and manually added routes (without setting default route (only net/mask).

And it works :-)

I think the same option is possible in Shrew client

Not applicable

Re: Globalprotect and Linux

Hi.

Thank you Jacek. Finally I've created a shell script using vpnc command to connect and add the routes. It works.

In my opinion, PaloAlto should offer a solution for GlobalProtect VPN on Linux platforms, in case they want to take advantage over their competitors.

Bye!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!