The globalprotect CLI command is giving error: Unable to establish a new GlobalProtect connection as a GlobalProtect connection is already established from this Linux system by the same user or another user.

The globalprotect CLI command is giving error: Unable to establish a new GlobalProtect connection as a GlobalProtect connection is already established from this Linux system by the same user or another user.

6147
Created On 12/21/23 19:28 PM - Last Modified 12/21/23 19:30 PM


Question


Why running the globalprotect CLI command is giving error: Unable to establish a new GlobalProtect connection as a GlobalProtect connection is already established from this Linux system by the same user or another user.
  
$ globalprotect
Unable to establish a new GlobalProtect connection as a GlobalProtect connection is already established from this Linux system by the same user or another user.
$

 

Environment


GlobalProtect App
Ubuntu/Linux

Answer


1. The GlobalProtect App on Linux can be run only for one user and that would be the first logged-in user. For example. if a user1 logs in first, the GP App will run for user1. Later, if a user2 logs in, the GP App won't work for user2 as it's already been running in the user1 context.

You can check the PanGPA process and it's running user context 
$ ps -ef | grep PanGPA
user1     375660  375651  0 18:02 ?        00:00:00 /opt/paloaltonetworks/globalprotect/PanGPA start

If there are multiple users logged in, there will be multiple PanGPA running. As per design, the GP App will accept connections only for the first logged-in user (in the below example, user1)
  
~$ ps -ef | grep PanGPA
user1     375660  375651  0 18:02 ?        00:00:00 /opt/paloaltonetworks/globalprotect/PanGPA start
user2     377782  377772  1 19:11 ?        00:00:00 /opt/paloaltonetworks/globalprotect/PanGPA start

The globalprotect command will only be accepted in the same user context where the first PanGPA has been running. For example if user1 logged in first, the globalprotect CLI command must be run in user1 context and it will work.
  
$ whoami
user1
$ globalprotect
Current GlobalProtect status: disabled

If user2 tries to run the globalprotect CLI command, it will give the error 
$ whoami
user2
$ globalprotect
Unable to establish a new GlobalProtect connection as a GlobalProtect connection is already established from this Linux system by the same user or another user.




 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000XhM9CAK&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language