This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Connect to GlobalProtect VPN from cmd.exe in Windows 10

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Connect to GlobalProtect VPN from cmd.exe in Windows 10

Go to solution
fhewiufhwefhwe
L4 Transporter

‎01-30-2020 10:29 AM

How can I connect to Palo Alto Global Protect VPN from the windows command line?

 

I am trying to automate a logon script and have multiple steps that follow a successful Global Protect VPN connection.

2 accepted solutions

Accepted Solutions

Go to solution
reaper
Cyber Elite
Cyber Elite
In response to fhewiufhwefhwe

‎01-30-2020 01:02 PM

simple "connect" mode and then a desktop installed icon to click would be the way to go

 

he'd need to remember to connect first, then click the icon

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

1 person found this solution to be helpful.
0 Likes Likes

Go to solution
fhewiufhwefhwe
L4 Transporter
In response to OwenFuller

‎01-31-2020 12:40 PM

Thanks, that works!  Appreciate the assistance.

View solution in original post

0 Likes Likes
8 REPLIES 8

Go to solution
reaper
Cyber Elite
Cyber Elite

‎01-30-2020 12:49 PM

you could configure GP in prelogon mode which allows scripts to run during logon because the tunnel is already established before the user logs on where traditional VPN would only establish after logon

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes

Go to solution
fhewiufhwefhwe
L4 Transporter
In response to reaper

‎01-30-2020 12:54 PM

Unfortunately that's not going to work.  The CEO does not want to be connected 100% of the time.

 

I need to have a simple script that he can double-click to run and automatically connect to the GlobalProtectVPN and automatically run subsequent commands unrelated to the firewall after that.

0 Likes Likes

Go to solution
reaper
Cyber Elite
Cyber Elite
In response to fhewiufhwefhwe

‎01-30-2020 01:01 PM

you could give OpenVPN a go (and install linux on his laptop) or you could hide the GP icon and let him believe everything just works 😉

 

 

the windows client doesn't have command prompt commands, unfortunately

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes

Go to solution
reaper
Cyber Elite
Cyber Elite
In response to fhewiufhwefhwe

‎01-30-2020 01:02 PM

simple "connect" mode and then a desktop installed icon to click would be the way to go

 

he'd need to remember to connect first, then click the icon

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
1 person found this solution to be helpful.
0 Likes Likes

Go to solution
fhewiufhwefhwe
L4 Transporter
In response to reaper

‎01-30-2020 01:17 PM

Got it thanks.  He's not willing to click more than one thing.  Instead he is going to have his assistant do some additional work.

0 Likes Likes

Go to solution
OwenFuller
L4 Transporter

‎01-31-2020 12:05 PM

It is possible to call additional commands (such as a batch file) using the post-vpn-connect registry key.  With this method, you could have him connect to GlobalProtect on-demand by selecting the icon in the system tray, and then GP will run whatever you reference in this registry key after it connects.

https://docs.paloaltonetworks.com/globalprotect/9-0/globalprotect-admin/globalprotect-apps/deploy-ap...

0 Likes Likes

Go to solution
fhewiufhwefhwe
L4 Transporter
In response to OwenFuller

‎01-31-2020 12:40 PM

Thanks, that works!  Appreciate the assistance.

0 Likes Likes

Go to solution
Taha
L0 Member
In response to OwenFuller

‎03-06-2020 12:56 PM

Can we deploy the registry entries as part of agent install or push them remotely? We have user who use their personal devices to VPN via Global Protect and we do not have access to those devices to manually add registry entries to run post-connect scripts.

0 Likes Likes
  • 2 accepted solutions
  • 41974 Views
  • 8 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks