Is it possible to use the client GlobalProtect on a Linux operating system?
Is there a "workaround" or some free Linux VPN client that can be used for it?
Thank you very much.
Solved! Go to Solution.
I think any IPsec based VPN clientsoftware will work for you if its just the VPN stuff you want.
Globalprotect includes sort of a HIPS aswell (to keep track of which antivirus and db etc the clients are using and based on if they are up2date Globalprotect can let a client in or quarantine it etc) which a regular IPsec VPN software doesnt deal with.
Perhaps not officially support (as in getting help if setting up a support case) but shouldnt they still work in real life because the vpn client in iphone/ipads works aswell as if you setup a vpn-tunnel towards a cisco ASA as described in: ?
I mean as long as it is pure IPsec then it should work, shouldnt it?
I feel your pain! I have reached out to my sales channel for the improvement to incorporate a Linux Global Protect client for two years now and still absolutely NOTHING. They know that this isn't where they need to support their resources but "come on." I would be greatly happy for an "unsupported" way of getting any Linux client to work over VPN. I have about a dozen clients that I would setup a dozen "site-to-site" VPN configurations, if I could figure out the exact way to get it working. I tried a couple options but troubleshooting the VPN not establishing connection was very difficult.
I'm still waiting for PA to come up with something... good thing I am not holding my breathe.
It is possible to establish VPN IPsec to GP from Linux. We have used Ubuntu with vpnc (and additionaly GUI network-manager-vpnc).
From Linux side you should use "Compatible with Cisco VPN" option.
Form GP side (soft ver 4.1.6):
GlobalProtect-> Gateway -> General
Tunnel Mode -> Enable IPsec option on and Enable X-auth option on -> Group Name and password
Skip Auth on IKE Rekey option on
GlobalProtect - >Portal -> Client conf -> General
Third party vpn client -> add cisco systems vpn adapter
Yes, we are using 2 injected routes - they were summarized to network 18.104.22.168 22.214.171.124 :-).
Workaround - in the vpnc we have configured to ignore routes sent by PA, and manually added routes (without setting default route (only net/mask).
And it works :-)
I think the same option is possible in Shrew client
Thank you Jacek. Finally I've created a shell script using vpnc command to connect and add the routes. It works.
In my opinion, PaloAlto should offer a solution for GlobalProtect VPN on Linux platforms, in case they want to take advantage over their competitors.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!