03-17-2023 05:37 AM
Hello Team,
I would like to find out if there's an way to check if GlobalProtect agent status is connected and VPN is active on Macintosh using bash or zsh command line or script.
Thanks.
03-22-2023 07:25 AM - edited 03-22-2023 07:26 AM
Have you tested this?
"C:\Windows\system32\sc.exe" query pangps | find "STOPPED"
scquery pangps | find "STOPPED"
https://www.crowdstrike.com/blog/exploiting-escalation-of-privileges-via-globalprotect-part-1/
"sc" seems the command line tool for this job.
03-22-2023 07:46 AM
Hi @nikoolayy1 ,
I wouldn't agree you could determine the status of GP tunnel (connected or not connected), just by looking at PanGPS service status.
PanGPS service will still be running even if it is not currently connected to any GP gateway.
If you only need to know if GP is connected or not, you could probably just look at interfaces and see if tunnel interface for PanGP is present. You could also check routing table for routes pointing to the tunnel.
03-22-2023 08:17 AM
You are right. I tried to find if there are some documented windows terminal/powershell commands like the ones for Linux https://docs.paloaltonetworks.com/globalprotect/5-1/globalprotect-app-user-guide/globalprotect-app-f... but I found an old post:
Get-NetAdapter | Where-Object {$_.InterfaceDescription -like "PANGP Virtual Ethernet Adapter*"} | Select-Object Status
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
