Hello. I have a server that I use as a "bridge" that I use to keep a persistent VPN connection active to a restricted network, to extract report data. We were previously using the openconnect client for the bridge, but recently, the secure network changed to use GlobalProtect. When I tried to replace openconnect with the Linux GP client, something odd started happening.

Typically, I ssh into the bridge server, start up the VPN client, and then ping some of the restricted servers to make sure the VPN connection is running correctly. This worked fine with openconnect. Now though, after establishing the ssh connection and starting the GP client, my ssh session seems to become blocked, and any attempt to start a new ssh session also fails. I left a little script running on the bridge server to see if the connection is being established OK, and it looks like it is, so it would appear that starting the connection is somehow preventing inbound connectivity.

Does the GP client enable/change inbound firewall rules or something? The only way I can get back into the bridge server is to reboot the server, or possibly wait for the VPN connection to disconnect. If it does start up some firewall rules, is there some way to allowlist specific subnets or something?