Anyone got Global Protect 6.1.0 for Linux to work on Ubuntu 22.04?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Anyone got Global Protect 6.1.0 for Linux to work on Ubuntu 22.04?

L0 Member

We had a quick test and still got the SSL handshake failure. Anyone got it to work and can share anything on how?

 

The version 6.1.0 is supposed to work on Ubuntu 22.04.

 

Thanks!

 

Br

Jonas

1 accepted solution

Accepted Solutions

L1 Bithead

Yes, we have it working.

When connecting to Global Protect and authenticating to Azure SAML, the embedded browser on Linux machines will fail during TLS handshaking .    Force the client to use Firefox or what ever is the default browser.
 
Stop the Global Protect service.
sudo systemctl stop gpd.service
 
Create a new entry in the /opt/paloaltonetworks/globalprotect/pangps.xml configuration file.  Set the default-browser value to yes under <Settings>.
 
Example:
 
<?xml version="1.0" encoding="UTF-8"?>
<GlobalProtect>
    <Settings>
        <default-browser>yes</default-browser>
        
   <Settings>
 
Reboot. 
 

View solution in original post

6 REPLIES 6

L1 Bithead

Yes, we have it working.

When connecting to Global Protect and authenticating to Azure SAML, the embedded browser on Linux machines will fail during TLS handshaking .    Force the client to use Firefox or what ever is the default browser.
 
Stop the Global Protect service.
sudo systemctl stop gpd.service
 
Create a new entry in the /opt/paloaltonetworks/globalprotect/pangps.xml configuration file.  Set the default-browser value to yes under <Settings>.
 
Example:
 
<?xml version="1.0" encoding="UTF-8"?>
<GlobalProtect>
    <Settings>
        <default-browser>yes</default-browser>
        
   <Settings>
 
Reboot. 
 

Thank you for this solution!

 

Br

Jonas

This doesn't work for me, I get following error:

 

Authentication Failed

Please contact the adminsitrator for further assistance

Error code: -1

 

I have SAML authentication setup and authentication is successful on the machine. Has anyone seen this error before?

 

Regards,

Raghav

 

L1 Bithead

You can try this.  It disables OpenSSL version 3. This is using the GUI version on Ubuntu 22.

Modify the file /usr/lib/ssl/openssl.cnf.
At the end of the file you’ll see:

[system_default_sect]
CipherString = DEFAULT:@SECLEVEL=2

Change that to:
[system_default_sect]
CipherString = DEFAULT:@SECLEVEL=1
Options = UnsafeLegacyRenegotiation

Reboot and connect to the GP VPN portal.

I tried this too, since Ubuntu 22 has issues with SSL.

 

Both GUI and CLI GlobalProtect doesn't work, tried multiple reboots as well.

L0 Member

Using Okta, the GUI version works for me, but I am struggling to enable the CLI version

  • 1 accepted solution
  • 7619 Views
  • 6 replies
  • 0 Likes
  • 47 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!