Connect to GlobalProtect VPN from cmd.exe in Windows 10

Reply
Highlighted
L3 Networker

Connect to GlobalProtect VPN from cmd.exe in Windows 10

How can I connect to Palo Alto Global Protect VPN from the windows command line?

 

I am trying to automate a logon script and have multiple steps that follow a successful Global Protect VPN connection.


Accepted Solutions
Highlighted
L7 Applicator

simple "connect" mode and then a desktop installed icon to click would be the way to go

 

he'd need to remember to connect first, then click the icon

reaper - PANgurus.com
Find my book at https://www.amazon.com/dp/1789956374

View solution in original post

Highlighted
L3 Networker

Thanks, that works!  Appreciate the assistance.

View solution in original post


All Replies
Highlighted
L7 Applicator

you could configure GP in prelogon mode which allows scripts to run during logon because the tunnel is already established before the user logs on where traditional VPN would only establish after logon

reaper - PANgurus.com
Find my book at https://www.amazon.com/dp/1789956374
Highlighted
L3 Networker

Unfortunately that's not going to work.  The CEO does not want to be connected 100% of the time.

 

I need to have a simple script that he can double-click to run and automatically connect to the GlobalProtectVPN and automatically run subsequent commands unrelated to the firewall after that.

Highlighted
L7 Applicator

you could give OpenVPN a go (and install linux on his laptop) or you could hide the GP icon and let him believe everything just works

 

 

the windows client doesn't have command prompt commands, unfortunately

 

reaper - PANgurus.com
Find my book at https://www.amazon.com/dp/1789956374
Highlighted
L7 Applicator

simple "connect" mode and then a desktop installed icon to click would be the way to go

 

he'd need to remember to connect first, then click the icon

reaper - PANgurus.com
Find my book at https://www.amazon.com/dp/1789956374

View solution in original post

Highlighted
L3 Networker

Got it thanks.  He's not willing to click more than one thing.  Instead he is going to have his assistant do some additional work.

L4 Transporter

It is possible to call additional commands (such as a batch file) using the post-vpn-connect registry key.  With this method, you could have him connect to GlobalProtect on-demand by selecting the icon in the system tray, and then GP will run whatever you reference in this registry key after it connects.

https://docs.paloaltonetworks.com/globalprotect/9-0/globalprotect-admin/globalprotect-apps/deploy-ap...

Highlighted
L3 Networker

Thanks, that works!  Appreciate the assistance.

View solution in original post

Highlighted
L0 Member

Can we deploy the registry entries as part of agent install or push them remotely? We have user who use their personal devices to VPN via Global Protect and we do not have access to those devices to manually add registry entries to run post-connect scripts.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!