Global Protect new Linux UI

cancel
Showing results for 
Search instead for 
Did you mean: 

Global Protect new Linux UI

L4 Transporter

I have the GP Linux CLI client working without any issues, however I wanted to test the UI client that just came out (5.1.0) Does anyone know how to actually use this? The PAN documentation has not been updated to mention this new version or the Linux UI yet. Installing it goes fine but I do not see anything installed to my desktop and when attempting to launch it from a command shell all I see is:

 

"Unable to run GlobalProtect CLI while GlobalProtect UI is running. Please consider installing the CLI only install package."

 

Which is great... but how do I find and launch the UI from my desktop? *confused*

18 REPLIES 18

OK, I've installed sert with a cli command globalprotect import-certificate --location /home/cert.p12 and it works now :)

 

Anyway, troubleshooting methods would be appreciated.

I have no idea where is my CA cert installed.

L2 Linker

I'm running Ubuntu 19.10.

 

The GUI runs..  but, depending on the day, there are between 3 and 10 copies in the tray..  one process for each..  I have to click through each one as only one actually works.  All others ask to enter a portal address.

 

Any clue how to get it to only start one ?

 

 

@gfowlerI have the same multiple copies in the tray issue. I'm using Kubuntu 19.10 and see that. I just toggled a setting in KDE to not restore my previous session to see if that'll help. I'll be rebooting in a little bit to test the theory out.

I've run into this issue as well.  I haven't figured out what's causing it yet but I'm sure replacing the startup command with an strace command will shine a light on that.  The quick and dirty fix for this is to create a shell script that runs the following:

 

ps aux | grep PanGPU[I] | grep -v '-session ' | xargs kill

 

This will basically kill off any PanGUI process that isn't tied to your desktop session.

 

 

So far, I've found two solutions.

 

1.  Disable Session Restore completely.  The core problem appears to be with the previous PanGPUI sessions being restored.  But every time you reboot, an additional session is added.  Thus the first boot gives one PanGPUI.. the second reboot gives two and so on..

 

OR 

 

2.  Exclude PanGPUI from session restore.

 

additionally, adding "X-KDE-autostart-phase=2" to the autostart file for PanGPUI appears have positive effects as well..  For me, this was installed under /etc/xdg/autostart/

 

Searching the apps button for 'session' yields Desktop Session app.   Opening that gives me the options to "start with an empty session", as well as the "Applications to be excluded from sessions" text field (add PanGPUI)

 

 

You can blacklist the PanGPUI process from being saved in KDE session saves with:

kwriteconfig --file ksmserverrc --group General --key excludeApps PanGPUI

Warning: this will overwrite anything you have for that key already. it'll also remove any comments in your ksmsserverrc file. This is a PER-USER change as is. (you could create an override in /etc/xdg with the same effect for all users. 

Or...  manually:

kcmshell5 kcmsmserver

And either selecting "Start with an empty session", use "Restore manually saved session" (that doesn't have PanGPUI in it already), or if using "Restore previous session", specify: "PanGPUI" in the field titled "Applications to be excluded from sessions:"

Another thing that's REALLY annoying is:

/etc/profile.d/PanMSInit.sh

 

(guh, no POSIX/Bash Shell language in thisforum editor's <code> widget???)

#!/bin/bash
PANGPA=/opt/paloaltonetworks/globalprotect/PanGPA
pgrep -u $USER PanGPA > /dev/null 2>&1
if [ $? -ne 0 ]; then
  if [ -f $PANGPA ]; then 
    $PANGPA start &
  fi
fi

 

This unconditionally spins off a PanGP process for ALL interactive users.  That's absurd.  It also means, that when you login interactively, you get:

 

# exit
logout
There are running jobs.
[1]+ Running $PANGPA start &

#

 

requiring you exit twice, orkill thesejobs.  Spinning that process up should be done some other way (suid exe called by the user-agent (globalprotect | panGUI) or somethign else. 

 

At least please check if it's the 'root' user and don't do it.

 

thanks,

--stephen

L0 Member

Use command 'globalprotect launch-ui' in terminal whenever you want to view the UI. 

L0 Member

From terminal:

(/opt/paloaltonetworks/globalprotect/PanGPUI &> /dev/null &)

All one line and include parentheses.

I think newer versions also allow you to do it from the globalprotect cli. From terminal:

globalprotectlaunch-ui

Or something to that effect. Just hit tab while in the globalprotect cli and it should show all the options.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!