bSecure GlobalProtect VPN Installation Guide: Linux


11.0 - Updated on 2023-12-18 by Sean Schluntz

10.0 - Updated on 2023-08-15 by Sean Schluntz

9.0 - Updated on 2022-02-08 by Sean Schluntz

8.0 - Updated on 2022-01-10 by Sean Schluntz

7.0 - Updated on 2021-10-15 by Sean Schluntz

6.0 - Updated on 2020-03-29 by Sean Schluntz

5.0 - Updated on 2020-03-29 by Sean Schluntz

4.0 - Updated on 2020-03-17 by Sean Schluntz

3.0 - Updated on 2020-03-17 by Sean Schluntz

2.0 - Updated on 2020-03-17 by Sean Schluntz

1.0 - Authored on 2020-03-18 by Sean Schluntz

A GlobalProtect graphical client for Linux is available for use by the campus community to access the bSecure remote access service (VPN).

We would like to remind our users that while the Network Services Team provides a Linux-compatible VPN client, Linux-based desktop operating systems are not officially supported by Berkeley IT. Limited resources make it unlikely that we will spend significant time diagnosing or resolving VPN issues which are only experienced by users on these platforms.

The GlobalProtect UI for Linux client is available on a Google Drive Share, accessible by anyone with an @berkeley.edu account (you must be using your Berkeley account to access the share).

A list of the Linux distributions currently supported by the manufacturer can be found in the GlobalProtect for Linux FAQ.

If the instructions below do not match the client you are using, please refer to the vendor instructions for GlobalProtect UI for Linux at the Palo Alto Networks Tech Docs site.

Note: To open the GlobalProtect dialog window if the icon is not visible, you can use the "globalprotect launch-ui" command in a shell/terminal window if you are running a vendor supported release of GlobalProtect.

  1. Download the desired software release bundle from the Google Drive share (available to UCB only)
    • Files are named PanGPLinux-{version}.tgz, for example PanGPLinux-5.2.6-c18.tgz

  2. Unarchive the software bundle using your preferred method

  3. Start the installation using one of the following two methods
    1. Recommended: Use the provided gp_install.sh script using sudo
      1. sudo bash ./gp_install.sh
    2. If the gp_install.sh script fails, or if you prefer to do the install manually
      1. Select one of the files that starts with GlobalProtect_UI_ - these are the only installers compatible with the bSecure Remote Access Service
        • There are usually three files: an RPM, a DEB, and a tarfile. If your system supports Debian or RedHat formatted packages, those are the recommended versions as they will help install the necessary dependencies.

  4. Depending on your Linux distribution the service will start automatically or you may need to restart your host to get all supporting daemons online

  5. Before connecting to the UC Berkeley remote access system, users must first enable the use of the default browser instead of the built-in GlobalProtect browser for authentication. Instructions to make this change are in the Palo Alto Networks knowledge base:
    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001UdnCAE&lang=en_US
  6. Once running, you should see a small grey globe in your system bar (if your window manager has a system bar). If not, or if you have no bar, you can use the CLI command "globalprotect launch-ui" to open the GlobalProtect window
    GlobalProtect Dialog

  7. Select the three horizontal bars to open the menu
    GlobalProtect Menu

  8. Select Settings to open the Settings dialog
    GlobalProtect Portal Setting Window

  9. Enter vpn.berkeley.edu into the Portal field and click OK

  10. Select the Connect button to connect to the remote access service

  11. The default web browser will open with the CalNet web authentication interface for you to log into the service

  12. Once you have authenticated, the system will complete the connection; this can take up to 20 seconds depending on your system
    GlobalProtect Connected Dialog

  13. When the connection is live, you will see a Disconnect button and a pull-down where the different gateways can be selected

  14. You can disconnect using the Disconnect button
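
The manual method in step 3, as an added shell example that is not part of the original guide or the vendor's tooling: it picks the one GlobalProtect_UI_ package matching the host's package format and refuses to guess when none or several match. The function names, the tarfile suffix pattern and the printed apt-get/dnf commands are assumptions.

```shell
#!/bin/sh
# Added example: choose the bSecure-compatible installer from an extracted
# PanGPLinux bundle. Only files named GlobalProtect_UI_* qualify (step 3).

# Print the package format this host can install: deb, rpm, or tar (fallback).
gp_detect_format() {
    if command -v dpkg >/dev/null 2>&1; then echo deb
    elif command -v rpm >/dev/null 2>&1; then echo rpm
    else echo tar
    fi
}

# gp_select_installer DIR FORMAT
# Prints the single GlobalProtect_UI_ file in DIR for FORMAT.
# Returns 1 when zero or several files match, so nothing is guessed.
gp_select_installer() {
    gp_dir=$1; gp_format=$2; gp_count=0; gp_found=
    case "$gp_format" in
        deb) gp_pattern='GlobalProtect_UI_*.deb' ;;
        rpm) gp_pattern='GlobalProtect_UI_*.rpm' ;;
        tar) gp_pattern='GlobalProtect_UI_*.t*gz' ;;  # assumption: .tgz or .tar.gz
        *)   echo "unknown format: $gp_format" >&2; return 2 ;;
    esac
    for gp_f in "$gp_dir"/$gp_pattern; do
        if [ -f "$gp_f" ]; then
            gp_found=$gp_f
            gp_count=$((gp_count + 1))
        fi
    done
    if [ "$gp_count" -ne 1 ]; then
        echo "expected one $gp_format UI installer in $gp_dir, found $gp_count" >&2
        return 1
    fi
    printf '%s\n' "$gp_found"
}

# Print an install command that also resolves dependencies (assumed tools).
gp_install_command() {
    case "$1" in
        *.deb) echo "sudo apt-get install $1" ;;
        *.rpm) echo "sudo dnf install $1" ;;
        *)     echo "see the vendor instructions for the tar installer" ;;
    esac
}

# Usage: sh this_script.sh /path/to/extracted/bundle
if [ "$#" -ge 1 ]; then
    gp_file=$(gp_select_installer "$1" "$(gp_detect_format)") || exit 1
    echo "Install with: $(gp_install_command "$gp_file")"
fi
```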