Palo Alto Networks Knowledgebase: Connect Linux Machine to GlobalProtect

Connect Linux Machine to GlobalProtect

5907
Created On 09/25/18 20:40 PM - Last Updated 09/25/18 23:09 PM
Resolution

We can connect ubuntu 14.04 users to GlobalProtect with the help of strongswan client.

 

On the Palo Alto Networks firewall, turn on xauth and give a Group name and Group password. The remaining requirements must be done on software installed on ubuntu.

 

ShareX_2016-04-29_10-51-07.png

 

Do the following in ubuntu:

 

1. Log in as root in ubuntu 14.04 and rthe un following command to install the following software:

apt-get install strongswan-starter
apt-get install strongswan-plugin-xauth-generic

 

2. Modify the following file. Inside directory /etc there are two files: ipsec.conf and  ipsec.secrets

 

ipsec.conf:

 

putty_2016-04-29_11-03-13.png

 

In the above config, the left field is the IP address of the GlobalProtect client. If the IP address is coming from DHCP, then we can specify the following value as left=%any

The right field is the value of the GlobalProtect portal.

 

ipsec.secrets:

putty_2016-04-29_11-03-31.png

 

3. Try to run the following command on ubuntu to connect:

 

  • Run the command to bring ipsec service on on the ubutnu
#ipsec start

 

  • Run this command to bring the tunnel up.
ipsec up gateway --> Here the name gateway is the name given in the ipsec.config file.

 

  • c) Run the following command to check the status of the tunnel.
ipsec status

 

VirtualBox_2016-04-29_11-17-50.png

 

firefox_2016-04-29_11-16-56.png



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkiCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language