Download and Install the GlobalProtect App for Linux
Focus
Focus
GlobalProtect

Download and Install the GlobalProtect App for Linux

Table of Contents

Download and Install the GlobalProtect App for Linux

GlobalProtect offers you two different methods to install the GlobalProtect app on your Linux device: a GUI-based installation version and a CLI version. If you use a supported Linux operating system that supports a graphical interface, you can install the GUI version of the GlobalProtect; otherwise, download and install the CLI version of the GlobalProtect app.

Download and Install the GUI Version of GlobalProtect for Linux

If your Linux device supports a graphical user interface, complete these steps to install the GUI version of GlobalProtect for Linux.
  1. Download the GlobalProtect app for Linux.
    1. Log in to the Customer Support Portal. After you enter your username and password credentials, you are authenticated and you are logged in to the support site.
    2. Select UpdatesSoftware Updates.
    3. Filter by GlobalProtect Agent for Linux, and download the associated TGZ file.
    4. Extract the files from the package.
      user@linuxhost:~$ tar -xvf ~/pkgs/PanGPLinux-6.0.0.tgz
      									./
      									./GlobalProtect_deb-6.0.0.0-62.deb
      									./GlobalProtect_deb_arm-6.0.0.0-62.deb
      									./GlobalProtect_rpm-6.0.0.0-62.rpm
      									./GlobalProtect_rpm_arm-6.0.0.0-62.rpm
      									./GlobalProtect_tar-6.0.0.0-62.tgz
      									./GlobalProtect_tar_arm-6.0.0.0-62.tgz
                                                                 ./GlobalProtect_UI_deb-6.0.0.0-62.deb
                                                                 ./GlobalProtect_UI_rpm-6.0.0.0-62.rpm
      									/GlobalProtect_UI_tar-6.0.0.0-62.tgz
      									./manifest
      									./relinfo
                                                                ./gp_install.sh
                                                                   ./gp_uninstall.sh
      								
      You will see multiple installation packages for supported operating system versions—DEB for Debian and Ubuntu and RPM for CentOS and Red Hat. The package for the GUI version is denoted by a GlobalProtect_UI prefix.
  2. (Optional) If your Linux endpoint must use a manual proxy server configuration, configure the proxy settings.
    The GlobalProtect app for Linux supports only a basic proxy server configuration but does not support the use of Proxy Auto-Configuration (PAC) files and proxy authentication.
    The GlobalProtect app for Linux obtains the proxy settings from the HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables in the /etc/environment file. If you later change the system proxy configuration, verify that the terminal from which GlobalProtect runs uses the proxy environment variables. If you do not see the new settings, log out and back in for the new settings to take effect.
    If you have configured the HTTP_PROXY variable or the HTTPS_PROXY variable, make sure that the GlobalProtect portal matches the settings configured for the NO_PROXY variable.
    1. To set your proxy on your Linux endpoint, edit the HTTP_PROXY environment variable or HTTPS_PROXY environment variable (for example, HTTPS_PROXY=”https://yourproxy.local:8080”).
    2. To configure the IP addresses or domain names that you want to exclude from the proxy, edit the NO_PROXY environment variable (for example, NO_PROXY=”www.gpqa.com”).
      Use commas to separate multiple IP addresses or domain names. Starting with GlobalProtect app 5.1.6, you can use the wildcard character (*) for IP addresses or domain names (for example, NO_PROXY=”*.domain.com”).
  3. Install the GUI version of the GlobalProtect app for Linux.
    To Install the GlobalProtect app UI distribution package, use the $ ./gp_install.sh command:
    $ ./gp_install.sh --help
    Usage: $ sudo ./gp_install [--cli-only | --arm | --help] 
      --cli-only: CLI Only
      --arm:      ARM
      no options: UI
  4. Use the GUI version of the GlobalProtect App for Linux.
    After installation completes, the GlobalProtect app automatically launches. Specify your portal address and enter your credentials when prompted to begin the connection process.
    Because the GlobalProtect service supports only one socket connection to the GlobalProtect agent and to the GUI version of the GlobalProtect app, you must either log out of the Linux operating system or the SSH session depending on the installation method used as a root user after installing the app. You must log back in to the Linux endpoint as another user with non-privileged user privileges and the app launches.
  5. (Optional) To import a certificate, complete the following steps.
    When you want to pre-deploy a client certificate to an endpoint for certificate-based authentication, you can copy the certificate to the endpoint and import it for use by the GlobalProtect app. Use the globalprotect import-certificate --location <location> command to import the certificate on the endpoint. When prompted you must supply the certificate password.
    user@linuxhost:~$ globalprotect import-certificate --location /home/mydir/Downloads/cert_client_cert.p12 
    Please input passcode:
    Import certificate is successful. 
    

Download and Install the CLI Version of GlobalProtect for Linux

If your Linux device does not support a GUI, install the GlobalProtect app for Linux by completing these steps. The GlobalProtect app for Linux supports the DEB, RPM, and TAR installation packages.
  1. Download the GlobalProtect app for Linux.
    1. Obtain the app package from your IT administrator and then copy the TGZ file to the Linux endpoint.
      For example, if you downloaded the package to a macOS endpoint, you can open a terminal and then copy the file:
      macUser@mac:~$
      								scp ~/Downloads/PanGPLinux-6.0.0.tgz linuxUser@linuxHost:
      									<DestinationFolder>
      								
      							
      where <DestinationFolder> is a location such as ~/pkgs/ where you want to store the TGZ file.
    2. From the Linux endpoint, unzip the package.
      user@linuxhost:~$
      								tar -xvf ~/pkgs/PanGPLinux-6.0.0.tgz
      							
      After you unzip the package, you will see installation packages—DEB for Ubuntu and RPM for CentOS and Red Hat—and the scripts to install and uninstall the packages.
  2. (Optional) If your Linux endpoint must use a manual proxy server configuration, configure the proxy settings.
    The GlobalProtect app for Linux supports only a basic proxy server configuration but does not support the use of Proxy Auto-Configuration (PAC) files and proxy authentication.
    The GlobalProtect app for Linux obtains the proxy settings from the HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables in the /etc/environment file. If you later change the system proxy configuration, verify that the terminal from which GlobalProtect runs uses the proxy environment variables. If you do not see the new settings, log out and back in for the new settings to take effect.
    If you have configured the HTTP_PROXY variable or the HTTPS_PROXY variable, make sure that the GlobalProtect portal matches the settings configured for the NO_PROXY variable.
    1. To set your proxy on your Linux endpoint, edit the HTTP_PROXY environment variable or HTTPS_PROXY environment variable (for example, HTTPS_PROXY=”https://yourproxy.local:8080”).
    2. To configure the IP addresses or domain names that you want to exclude from the proxy, edit the NO_PROXY environment variable (for example, NO_PROXY=”www.gpqa.com”).
      Use commas to separate multiple IP addresses or domain names. Starting with GlobalProtect app 5.1.6, you can use the wildcard character (*) for IP addresses or domain names (for example, NO_PROXY=”*.domain.com”).
  3. Install the app package using CLI Only command:
    $ ./gp_install.sh --help
    Usage: $ sudo ./gp_install [--cli-only | --arm | --help] 
      --cli-only: CLI Only
      --arm:      ARM
      no options: UI
  4. ( Optional) Change CLI modes.
    You can run commands in either command-line or prompt mode. Command-line mode requires you to specify the full GlobalProtect command. Prompt mode requires you to specify only the command (without the app name) and displays more detailed output than command-line mode.
    1. To switch to prompt mode, enter globalprotect without any arguments.
      user@linuxhost:~$
      								globalprotect
      								>>
      							
    2. To exit prompt mode, enter quit.
      >>
      								quit
      								user@linuxhost:~$
      							
  5. View the help for GlobalProtect app for Linux.
    Prompt mode:
    >>
    						help
    						Usage: only the following commands are supported:
    						collect-log     -- collect log information
    						connect                -- connect to server
    						disconnect             -- disconnect
    						disable                -- disable connection
    						import-certificate     -- import client certificate file
    						quit                   -- quit from prompt mode
    						rediscover-network     -- network rediscovery
    						remove-user            -- clear credential
    						resubmit-hip           -- resubmit hip information
    						set-log                -- set debug level
    						show                   -- show information
    					
    Command-line mode:
    user@linuxhost:~$
    						globalprotect help
    						Usage: only the following commands are supported:
    						collect-log            -- collect log information
    						connect -- connect to server
    						disconnect             -- disconnect
    						disable                -- disable connection
    						import-certificate     -- import client certificate file
    						quit                   -- quit from prompt mode
    						rediscover-network     -- network rediscovery
    						remove-user            -- clear credential
    						resubmit-hip           -- resubmit hip information
    						set-log                -- set debug level
    						show                   -- show information