- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
12-19-2019 12:01 PM
I have the GP Linux CLI client working without any issues, however I wanted to test the UI client that just came out (5.1.0) Does anyone know how to actually use this? The PAN documentation has not been updated to mention this new version or the Linux UI yet. Installing it goes fine but I do not see anything installed to my desktop and when attempting to launch it from a command shell all I see is:
"Unable to run GlobalProtect CLI while GlobalProtect UI is running. Please consider installing the CLI only install package."
Which is great... but how do I find and launch the UI from my desktop? *confused*
12-19-2019 02:05 PM
I *can* get the UI to work, but I have to uninstall and reinstall the entire package. Once I connect from the UI, it disappears. There's a file called PanGPUI in /opt/paloaltonetworks/globalprotect which I *think* is supposed to open the UI, but for me it just hangs. Would love to hear if anybody can get this to work.
12-19-2019 03:55 PM
I was not on the beta.
My main issue with this UI version is there seems to be no way of actually running it (no icon, no menu entry, the binary just complains about CLI mode).
Maybe its just a fresh bug.
12-20-2019 07:06 AM
It's a fresh bug. The betas displayed as you would have expected without much of an issue; it appears that the production release managed to break something. I would expect that this is fixed relatively quickly.
12-20-2019 08:12 AM
I was not on the beta either. I downloaded the 5.1.0 release
12-21-2019 01:49 PM
I'm using 5.1.0-101 and here's my perception:
The UI is started by an XDG (FreeDesktop) .desktop file that gets installed to /etc/xdg/autostart/PanGPUI.desktop)
The Exec for this is: Exec=/opt/paloaltonetworks/globalprotect/PanGPUI
The running app is :
/opt/paloaltonetworks/globalprotect/PanGPUI start
(so not sure how the 'start' argument gets added)
This installs a System Tray item (looks like a globe), so if your DE doesn't support a System Tray, maybe you won't see any UI for it.
A co-worker clicks on the icon, and the interface window appears at the top of the screen. however, unless he moves the cursor REALLY fast, the window disappears before he gets to it. I don't have that problem, but i do have the problem where clicking on he hamburger icon of that window is REALLY touchy, and moving the mouse causes the popup menu to disappear -- so i have to use the cursor keys to select [ Settings | About ]
I am *sad* that the 'globalprotect' cli executable now always throws :
Unable to run GlobalProtect CLI while GlobalProtect UI is running. Please consider installing the CLI only install package.
At least allow us to get the status (show --details, ...) stuff that way, because the UI doesn't give it in a useful way.
Also, while 'globalprotect show --notification' never showed the portal notification message, the new notification UI popup overwrites the message onto a single line over and over making it unreadable.
That all said... I'm also *sad* about the following:
'globalprotect' cli returns 1 for all commands successful or not. it should return 0 for success so we can script around it. Also, every instantiation of 'globalprotect' (even --help) has a builtin alarm() that forces a 60 second delay. so running the command multiple times (like to get multiple outputs for 'globalprotect show --{item}) take FOREVER.
also, sad-making... when the installer extracts to /opt/paloaltonetwork/ it doesn't bother to try to set proper ownership (user/group), leaving things owned by random matching UID/GID from the tarball. (for me it's ntp:Debian-exim)
I am frankly disgusted and exhausted over the quality of software in general over the past decade and trying to find current/correct documentation and working around bugs and misfeatures. siiiiigggghhhhhhh.
(also, the text-enry in this discussion forum is almost invisible to me, making it quite hard to type this message. maybe it's just my Debian Stretch/Firefox setup)
Leaving on a high note. At least, thanks for finally getting a UI for Linux. Just allow us to also use the CLI simultaneously, and fix the bugs in the cli.
thanks,
--stephen
03-10-2020 05:47 AM - edited 03-10-2020 07:57 AM
Same here on version 5.1.0-101, the UI only worked for the first time, clicking OR double-clicking on the PanGPUI doesn't take effect. And there's no menu items/ desktop icons. Ubuntu 19.04.
Tried stopping PanGPUI and running /opt/paloaltonetworks/globalprotect/PanGPUI from console, it seems to hang forever.
Tried stopping also PanGPA and PanGPS, and restarting, no effect.
Tried connecting from console - asked for certificates.
I'd be very grateful if it's possible to fix it.
03-10-2020 08:21 AM
I don't think they have it setup to:
* Use the gnome task bar
* Adapt to "dark" themes
But it does work, here is what I did:
* Create a "shortcut" on your desktop or in the dash-to-dock or wherever you like
* Download a nice GP icon from the internet and pop that onto your shortcut properties
It should get better over time, it didn't used to show the GUI version at all and now with 5.1.1 it does. It also did not work with all flavors of Linux without some hacks and it should now work with any Linux.
03-19-2020 01:18 AM - edited 03-19-2020 01:22 AM
Hi Guys,
I've just started to test GP linux client on Ubuntu 19.10.
I have the same problems in current and previous GP client version as you.
You can use this command to show GUI:
globalprotect launch-ui
Do you know how to monitor certificates?
I would like to show the store(s), install client cert.
In Palo doc, I've found optional modification of pangps.xml file, but it does not work for me, I have to troubleshoot 🙂
03-19-2020 02:56 AM
OK, I've installed sert with a cli command globalprotect import-certificate --location /home/cert.p12 and it works now 🙂
Anyway, troubleshooting methods would be appreciated.
I have no idea where is my CA cert installed.
03-19-2020 06:42 PM
I'm running Ubuntu 19.10.
The GUI runs.. but, depending on the day, there are between 3 and 10 copies in the tray.. one process for each.. I have to click through each one as only one actually works. All others ask to enter a portal address.
Any clue how to get it to only start one ?
03-26-2020 09:36 AM
@gfowlerI have the same multiple copies in the tray issue. I'm using Kubuntu 19.10 and see that. I just toggled a setting in KDE to not restore my previous session to see if that'll help. I'll be rebooting in a little bit to test the theory out.
04-07-2020 06:15 PM
I've run into this issue as well. I haven't figured out what's causing it yet but I'm sure replacing the startup command with an strace command will shine a light on that. The quick and dirty fix for this is to create a shell script that runs the following:
ps aux | grep PanGPU[I] | grep -v '-session ' | xargs kill
This will basically kill off any PanGUI process that isn't tied to your desktop session.
04-16-2020 02:52 PM - edited 04-16-2020 02:53 PM
So far, I've found two solutions.
1. Disable Session Restore completely. The core problem appears to be with the previous PanGPUI sessions being restored. But every time you reboot, an additional session is added. Thus the first boot gives one PanGPUI.. the second reboot gives two and so on..
OR
2. Exclude PanGPUI from session restore.
additionally, adding "X-KDE-autostart-phase=2" to the autostart file for PanGPUI appears have positive effects as well.. For me, this was installed under /etc/xdg/autostart/
Searching the apps button for 'session' yields Desktop Session app. Opening that gives me the options to "start with an empty session", as well as the "Applications to be excluded from sessions" text field (add PanGPUI)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!