GlobalProtect Linux VPN Client Installation

Linux users can download and install the GlobalProtect VPN client or choose to use another VPN client that supports IPSEC tunnels.  One standard client that supports connecting to GlobalProtect is the OpenConnect VPN client.  The GlobalProtect client can be downloaded from the ITC software downloads site here.  The client is supported for CentOS, Red Hat Enterprise Linux, and Ubuntu.  You will have to install either the downloaded .deb or .rpm file with your package manager.  An example of installing the .deb file on Ubuntu is to run:

         sudo dpkg -i ~/Downloads/GlobalProtect_deb-

You also need to enroll in Duo before your are able to authenticate to the VPN.  If you have not yet enrolled in Duo, you may do so here.  While you are on that page, you also need to set a default second factor for authentication.  To do so, click on the link for My Settings & Devices.

Once you have the client installed, connect by running the command:

globalprotect connect -p

You may be prompted to install the server certificate on your client the first time that you connect.  Press 'y' to proceed.  You will then be prompted for your username and password.  After entering your username and password, your default Duo action will be taken, but there will be no prompt telling you that this is happening.  After the Duo authentication completes, you will be connected.

user@linuxhost:~$ globalprotect connect --portal
Retrieving configuration...                                            
There is a problem with the security certificate, so the identity of cannot be verified. Please contact the Help Desk for your organization to have the issue rectified.
Warning: The communication with may have been compromised. We recommend that you do not continue with this connection.
Error details:Do you want to continue(y/n)?y
Retrieving configuration...                                            
Disconnected - portal:local:Enter login credentials
Retrieving configuration...                                            
Discovering network...
With this first authentication, your credentials are cached locally and so on subsequent connections you will not see a prompt for a username or password.  Instead, in the background your default Duo action will be taken, but you won't have any notice that this is happening.  You will have to be ready to confirm a Duo push, answer a phone call, or respond to whatever your default Duo action may be.  After you have responded to the Duo action you will be connected.

If you are running Linux and want the split-tunnelled version that only sends traffic to and over the tunnel, the portal to use is

To disconnect, run 'globalprotect disconnect'.

If you are not running Ubuntu, CentOS or RHEL, you may be able to work around this issue.  Create the file /etc/lsb-release with the contents:


Next restart gpd.service (e.g. 'sudo systemctl restart gpd.service').  You should now be able to connect.


See Related Articles to the right for more information.
20% helpful - 5 reviews
Print Article


Article ID: 72415
Thu 2/21/19 3:20 PM
Thu 6/29/23 11:08 AM

Related Articles (2)

GlobalProtect by Palo Alto Networks is Dartmouth's newly supported VPN client. This tool has replaced the F5 VPN client, also known as the Big-IP Edge client, and is available across different devices and operating systems. For more information on GlobalProtect, please visit the Dartmouth VPN article.
Connect to the Dartmouth network via VPN - Virtual Private Network

Related Services / Offerings (1)

If you are having a problem with VPN or GlobalProtect, please report the problem here.