Access Keys:
Skip to content (Access Key - 0)

Install and Connect to the Prisma Access VPN on Linux

This article refers to the Prisma Access VPN that uses the GlobalConnect app. If you're looking for information on the Cisco AnyConnect VPN, see: Cisco AnyConnect VPN Landing Page.

If you're not sure which service you're using, see: How do I know if I'm using the Cisco AnyConnect VPN or the Prisma Access VPN?
The official GlobalProtect GUI client, which is required for touchstone auth, only supports a narrow range of Linux Distros. Please see here for the authoritative list.

For other distros it is possible to get openconnect to work using community projects, but please note that this is not officially supported by Palo Alto or IS&T.

On this page:

Install

Download the MIT GlobalProtect Linux app. It includes the following files (you will NOT use them all):

  • GlobalProtect_UI_tar-5.3.0.0-32.tgz
  • GlobalProtect_UI_rpm-5.3.0.0-32.rpm
  • GlobalProtect_UI_deb-5.3.0.0-32.deb
  • GlobalProtect_tar_arm-5.3.0.0-32.tgz
  • GlobalProtect_tar-5.3.0.0-32.tgz
  • GlobalProtect_rpm_arm-5.3.0.0-32.rpm
  • GlobalProtect_rpm-5.3.0.0-32.rpm
  • GlobalProtect_deb_arm-5.3.0.0-32.deb
  • GlobalProtect_deb-5.3.0.0-32.deb

    (ONLY use the "UI" installation packages, the non-UI versions will not work with SAML.)
    Use the *.deb version for Debian-based distros (Ubuntu, Linux Mint, etc.), use the *.rpm version for Red Hat based distros (RHEL, CentOS, etc.) and use the generic tar for other distros (Arch, etc.)
    The *.deb and the *.rpm should be opened with the system package installer of your choosing (i.e. by double clicking the file and following the prompts.)

Manual Install:

  1. Extract the installation files:
    tar xf GlobalProtect_UI_tar-5.3.0.0-32.tgz -C GP_VPN_UI
    
  2. Obtain root privileges and run the installation script:
    sudo bash GP_VPN_UI/install.sh
    

    Result: This will attempt to install the sole dependency (qt5-webkit) but this will only work on Debian based, or Red Hat based distros. If this fails for you, please search your package repositories for the appropriate packages, which e.g. for Arch is extra/qt5-webengine.

    ? sudo bash GP_VPN_UI/install.sh
    sudo password for <username>:
    systemd is detected.
    Enable gp service...
    Create symlink for gp cli...
    Starting gp service...
    Enable gp autostart...
    Starting gpa...
    Check for and install PanGPUI dependencies...
    wget: download QtWebkit...
    yum: Installing QtWebkit dependencies...
    Starting gpui for <username>...
    

    Result: The GlobalProtect App is installed and immediately prompts you to connect (continue below).

Connect

  1. Click on the globe icon in your taskbar if it is not already open.



  2. Enter the address: gpvpn.mit.edu
  3. Click Connect.
  4. Authenticate using Touchstone Authentication.
    Result: You're connected to MIT GlobalProtect VPN service and may go about your computing activities normally. The globe icon now includes a shield.

After the first time you connect, simply click on the globe icon in your taskbar and tap the Connect button to connect. You may be prompted to authenticate again depending on how long it has been since your last connection.

Disconnect

  1. Click on the globe and shield icon in your taskbar.



  2. Click the Disconnect button.
    Result: You have been disconnected from the MIT GlobalProtect VPN service.

See Also

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

October 19, 2021

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
c-prisma c-prisma Delete
linux linux Delete
vpn vpn Delete
gp gp Delete
global global Delete
protect protect Delete
globalprotect globalprotect Delete
gpvpn gpvpn Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki