How to set up a delegate in ServiceNow
How do I set up notifications in Teams?
How to set up and manage Microsoft Multi-Factor Authentication (MFA)
How to set up Adobe Acrobat DC your default PDF viewer using Microsoft Edge
The University provides a Virtual Private Network (VPN) service for you to connect and login to the University network from off-campus locations or on-campus from personal laptops. If possible, set up the VPN on you computer while you are on campus.
Use this service when:
Instructions are below and you will need the following information:
Note that the VPN service is provided for use with University staff and student accounts, and it may not be used with generic accounts (that is, group, departmental or club accounts). Alumni will not be able to connect to VPN.
---
The current version of GlobalProtect requires Windows 8.1 or later
---
Please Note:
You may have to allow the GlobalProtect application to connect with the university system. In order to do this select the following:
Once completed, click the lock icon to make the changes.
---
---
---
For Linux you will need visit the Software Center and:
These instructions refer to version *-5.3.4-c5 – please substitute this suffix according to the latest / current version you downloaded from the Software Centre
Please note: with the latest version of GlobalProtect, there no longer exists the "finalise" script that needed to be ran followed by a reboot. The “UI” version does not currently work on RHEL8.
Ubuntu 23.04 was released on 20-4-2023. Whilst we generally do not recommend using anything other than the “Long Term Support” releases, we can confirm that GlobalProtect version 5.3.4-c5 works with Ubuntu 23.04.
Using the command-line interface (CLI) of the GlobalProtect™ app for Linux, you can perform tasks that are common to the GlobalProtect app. The following examples display the output in command-line mode. To run the same command in prompt-mode, enter it without the globalprotect prefix (for more information, see "Download and Install the GlobalProtect App for Linux").
Use the globalprotect connect –portal <gp-portal> command where <gp-portal> is the IP address or FQDN of your GlobalProtect portal.
For example:
user@linuxhost:~$
globalprotect connect --portal myportal.example.com (please note: the University Portal is globalprotect.soton.ac.uk)
Retrieving configuration...
Disconnected
myportal.example.com - portal:local:Enter login credentials username:user1
Password:
Retrieving configuration... Discovering network...
Connecting...
Connected
When you use certificate-based authentication, the first time you connect without a root CA certificate, the GlobalProtect app and GlobalProtect portal exchange certificates. The GlobalProtect app displays a certificate error, which you must acknowledge before you authenticate. When you next connect, you will not be prompted with the certificate error message.
user@linuxhost:~$
globalprotect connect --portal myportal.example.com
Retrieving configuration...
Disconnected
There is a problem with the security certificate, so the identity of 10.3.188.61 cannot be verified. Please contact the Help Desk for your organization to have the issue rectified.
Warning: The communication with 10.3.188.61 may have been compromised. We recommend that you do not continue with this connection.
Error details:Do you want to continue(y/n)?
y
Retrieving configuration...
Disconnected
10.3.188.61 - portal:local:Enter login credentials username:
user1
Password:
Retrieving configuration...
Discovering network...
Connecting...
Connected
You can also specify a username in the command using the –username <username> option. The GlobalProtect app prompts you to authenticate and, if you specified the username option, confirm your username.
When you want to pre-deploy a client certificate to an endpoint for certificate-based authentication, you can copy the certificate to the endpoint and import it for use by the GlobalProtect app. Use the globalprotect import-certificate --location <location> command to import the certificate on the endpoint. When prompted you must supply the certificate password.
user@linuxhost:~$ globalprotect import-certificate --location
/home/mydir/Downloads/cert_client_cert.p12
Please input passcode:
Import certificate is successful.
(Optional) Display the manual gateways to which you can connect using the globalprotect show --manual-gateway command.
Connect to a gateway using the globalprotect connect –gateway <gp-gateway> command where <gp-gateway> is the IP address or FQDN of the GlobalProtect gateway.
View details about your connection using the globalprotect show --details command.
user@linuxhost:~$ globalprotect show --manual-gateway
Name | Address |
gw1 | 192.168.1.180 |
gw2 | 192.168.1.181 |
user@linuxhost:~$ globalprotect connect --gateway 192.168.1.180
Use the globalprotect show --status command to verify the status of your connection.
user@linuxhost:~$
globalprotect show --status
GlobalProtect status: Connected
user@linuxhost:~$
globalprotect show --details
Assigned IP address: 192.168.1.132
Gateway IP address: 192.168.1.180
Protocol: IPSec
Uptime(sec): 231
Use the globalprotect rediscover-network command to disconnect and reconnect from GlobalProtect.
user@linuxhost:~$ globalprotect rediscover-network
Disconnecting...
Retrieving configuration...
Retrieving configuration...
Discovering network...
Connecting...
Connecting...
Connected
GlobalProtect status: Connected
Use the globalprotect remove-user command to clear the credentials used to authenticate with the portal and gateways. After you confirm that the GlobalProtect app should clear your credentials, the GlobalProtect app disconnects the tunnel and then requires you to enter your credentials the next time you connect.
user@linuxhost:~$ globalprotect remove-user
Credential will be cleared and current tunnel will be terminated.
Do you want to continue(y/n)? y
Clear is done successfully.
user@linuxhost:~$ globalprotect connect --portal 192.168.1.179
Retrieving configuration...
Disconnected
192.168.1.179 - portal:local:Enter login credentials
username: user1
Password:
Retrieving configuration...
Discovering network...
Connecting...
Connected
Use the globalprotect show --host-state command to view the current host information about your endpoint.
Use the globalprotect resubmit-hip command to resubmit information about the endpoint to the gateway. This is useful in cases where HIP-based security policy prevents users from accessing resources because it allows the user to fix the compliance issue on the endpoint and then resubmit the HIP.
user@linuxhost:~$ globalprotect show --host-state
generate-time: 09/28/2017 11:24:07
categories host-info
client-version: 4.1.0
os: Linux Ubuntu 16.04.3 LTS
os-vendor: Linux
domain:
host-name: linuxhost
host-id: 4C4C4544-0034-4D10-804C-************
network-interface
enp0s31f6
description: enp0s31f6
mac-address: D4:81:D7:D4:5A:A5 wlp2s0
description: wlp2s0
mac-address: 14:AB:C5:DE:D1:0E
user@linuxhost:~$ globalprotect resubmit-hip
Resubmit is successful.
Use the globalprotect show –notification command to view notifications.
Use the globalprotect launch-ui command to display the system tray icon on your desktop, or on our Redhat7 machines you can find the launcher under Applications/Internet as shown below:
Once launched, the icon appears on the top notification panel, much like Windows or Mac, and can be opened / initiated by clicking the icon and filling in the required fields:
This has been tested and confirmed working on Ubuntu 18.04, 20.04 and 22.04
1. Log into the Software Centre and download the Linux install package.
2. Follow the instructions, navigate to the downloaded package, and unzip.
3. We need to install some additional software before attempting to install the GUI package:
sudo apt-get install libqt5webkit5
4. Once installed, proceed to install the GlobalProtect deb package:
sudo dpkg -i GlobalProtect_UI_deb-5.3.4.0-5.deb
5. For Ubuntu 22.04 the GlobalProtect icon appears in the notification bar, just like macOS and Windows:
Use the globalprotect show --welcome-page command. The GlobalProtect app displays the Welcome page in a browser if a Welcome page exists or displays a notification if the Welcome page does not exist.
Use the globalprotect show –error command to view errors reported by the app.
user@linuxhost:~$ globalprotect show --error
Error: Cannot connect to GlobalProtect Portal
The app stores the PanGPA and PanGPI log files in the /home/<user>/.Globalprotect directory.
Use the globalprotect collect-logs command to enable the GlobalProtect app for Linux to package these logs and other useful information. You can then use the logs to troubleshoot issues or forward them to a Support engineer for expert analysis.
user@linuxhost:~$ globalprotect collect-log
Start collecting...
collecting network info...
collecting machine info...
copying files...
generating final result file...
The support file is saved to /home/user/.GlobalProtect/Collect.tgz
user@linuxhost:~$ globalprotect show --version
GlobalProtect: 4.1.0-23
Copyright(c) 2009-2017 Palo Alto Networks, Inc.
Ubuntu:
If the GlobalProtect client is unavailable or unreliable for your Linux distribution, you can try using OpenConnect.
To connect to the university VPN (Virtual Private Network) you will need at least v8.00 of openconnect (released Jan 2019, with support for the GlobalProtect protocol ).
Then, in a terminal, run the following as root (replace USERNAME with your university login):
sudo openconnect --protocol=gp globalprotect.soton.ac.uk -u USERNAME --csd-wrapper=/usr/lib/ openconnect/hipreport.sh
Where the location of the hipreport.sh may vary depending on your distribution.
systemctl show gpd.service | fgrep Environment
which should output:
Environment=SSL_CERT_DIR=/usr/lib/ssl/certs
If that's fine, then maybe try:
Symptom(s)
After you extract the files from the package (PanGPLinux-5.2.5-c46.tgz), you will install the package in Ubuntu or Kali (Debian) Linux with the following command, but you get an error as below:
Resolution
Use the following dpkg command instead of apt-get install:
sudo dpkg -i ./GlobalProtect_deb-5.2.5.0-46.deb
Please note: replace the version name of GlobalProtect with the correct one (if applicable) and remember the naming convention for the GUI version.
See https://www.makeuseof.com/apt-vs-dpkg/ for details of apt vs dpkg.
---
---
How to access Southampton Virtual Environment (SVE) and Common Learning Spaces (CLS) workrooms
How to connect your laptop to eduroam
How to connect your mobile device to eduroam
Attached files:
Was this article helpful?
If you have any further comments, please put them below.
Please note that feedback is anonymous - if you require a reply or assistance, please raise a ticket via ServiceLine.
Thank you for your feedback, it is much appreciated.