How to avoid GlobalProtect autostart on Mac

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to avoid GlobalProtect autostart on Mac

L0 Member

Hello,

I just had to start using the GlobalProtect VPN client for connecting to the VPN of a customer.

I'm using macOS Sonoma 14.4.1, and I installed GlobalProtect 6.2.0-89.

Is there a way to avoid having it running constantly in the background, and showing the icon in the menu bar?

I will need to use it 2-3 times a year so I do not want to have it always active, it does not make sense.

 

I tried disabling its permissions to run in the background, but then it appears the VPN is totally unable to work, even after manually starting the application.

This **bleep** thing does not even have a "Quit" button, and it can't even be killed by a "force quit" or a "kill -9"!

(Let me say this is extremely bad UX development...)

 

Any clues?

Thanks!

3 REPLIES 3

Cyber Elite
Cyber Elite

Hello,

 

You would need to reach out to the customer that manages the GlobalProtect portal and work with them. It sounds like they may have the connect-method set to always-on and sounds like this is undesirable. Or depending on what is wanting to be achieved the admin would also have the option to set the flag "Display GlobalProtect Icon" to "No".

 

This would all depend on the companies polices and processes so you would have to reach out to them to see what the options are since it doesnt sound like you have control over the GlobalProtect portal.

Thank you Claw4609,

but I'm afraid you misunderstood me: my VPN connection is NOT always on.

My problem is that the application itself, the GlobalProtect client, is starting automatically on my Mac at boot time, and it stays always there, even if NOT connected to the VPN. Even if I do not enter my VPN configuration data at all.

So the issue in my humble opinion is not in the portal configuration, but in the client itself instead.

 

How can I prevent the client to start automatically at boot? I'm not even able to kill it.

For example, I previously used the FortiClient VPN client for another network, and even though it was automatically starting at boot, I could at least quit it by using an option from the menu bar icon, and then re-open it again when needed.

 

Thanks.

L1 Bithead

Bit late from original question, perhaps this will help someone else. I am our Prisma Access admin testing new GP App config that requires GP for network access: no GP no network. Today, I sit down to GP request authentication, no problem, happens all the time, except this time it failed several times. Now I have no network access to do anything, I later learned it was a silent expired AD password; macs get no love in Microsoft's world 🙂

 

You need to modify /Library/LaunchAgents/com/paloaltonetworks.gp.pangpa.plist:

RunAtLoad:[true/false]

KeepAlive:[true/false]

 

I rebooted after this mod, all good.

I want to make it clear that I do not recommend disabling GP, on the contrary I am further locked down our configuration, this was an unanticipated scenario (expired password) to which I required a solution, and now need to consider for other users in similar situation.


<key>RunAtLoad</key>
<false/>
<key>KeepAlive</key>
<false/>

  • 2185 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!