Windows OS Batch Script Examples
You can configure the GlobalProtect agent to initiate and run a script for any or all of the following events: before and after establishing the tunnel, and before disconnecting the tunnel. To run the script at a particular event, reference the batch script from a command registry entry for that event. The following examples show scripts you can run on Windows systems at pre-connect, post-connect, and pre-disconnect events:
Example: Exclude Traffic from the VPN Tunnel on
To exclude traffic from the VPN tunnel after establishing the VPN connection, reference the following script from a command registry entry for a post-vpn-connect event. This enables you to selectively exclude routes and to send all other traffic through the VPN tunnel.
As a best practice, delete any exclude network routes that were previously added before adding the new exclude routes. In most cases, when a user moves between networks (such as when switching between Wi-Fi and a local network) the old network routes are automatically deleted. In the event that the old network routes persist, following this best practice ensures that traffic destined for the exclude routes will go through the gateway of the new network instead of the gateway of the old network.
@echo off
REM Run this script (route_exclude) post-vpn-connect.
REM Add exclude routes. This allows traffic to these networks and hosts to go directly and not use the tunnel.
REM Syntax: route_exclude <network1> <mask1> <network2> <mask2> ...<networkN> <maskN>
REM Example-1: route_exclude 10.0.0.0 255.0.0.0
REM Example-2: route_exclude 10.0.0.0 255.0.0.0 192.168.17.0 255.255.255.0
REM Example-3: route_exclude 10.0.0.0 255.0.0.0 192.168.17.0 255.255.255.0 192.168.24.25 255.255.255.255
REM Initialize 'DefaultGateway'
set "DefaultGateway="
REM Use the route print command and find the DefaultGateway on the endpoint
@For /f "tokens=3" %%* in ( 'route.exe print ^|findstr "\<0.0.0.0\>"' ) Do if not defined DefaultGateway Set "DefaultGateway=%%*"
REM Use the route add command to add the exclude routes
:add_route
if "%1" =="" goto end
route delete %1
route add %1 mask %2 %DefaultGateway%
shift
shift
goto add_route
:end
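Because every pair passed to route_exclude becomes a route that bypasses the tunnel, it helps to check the argument list before placing it in the registry entry. The following Python check is an added example, not part of the original documentation; the function names and the /8 policy floor (MIN_PREFIX) are assumptions chosen for illustration.

```python
import ipaddress

MIN_PREFIX = 8  # assumed policy floor, not from the documentation


def mask_to_prefix(mask):
    """Dotted netmask -> prefix length; raises ValueError if not contiguous.

    ipaddress on its own would read 0.0.0.255 as a hostmask (/24), so the
    contiguity test is done on the raw bits instead.
    """
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"netmask {mask} is not contiguous")
    return 32 - inverted.bit_length()


def check_exclude_args(args, min_prefix=MIN_PREFIX):
    """Validate 'net1 mask1 net2 mask2 ...' as passed to route_exclude.

    Returns (routes, problems): accepted IPv4Network objects and a list of
    human-readable reasons for every rejected pair.
    """
    routes, problems = [], []
    args = list(args)
    if len(args) % 2:
        # The script would run 'route add <net> mask' with no mask value.
        problems.append(f"{args[-1]}: network without a mask")
        args.pop()
    for net, mask in zip(args[0::2], args[1::2]):
        try:
            prefix = mask_to_prefix(mask)
            # strict=True rejects destinations with bits set outside the mask.
            network = ipaddress.IPv4Network(f"{net}/{prefix}", strict=True)
        except ValueError as exc:
            problems.append(f"{net} {mask}: {exc}")
            continue
        if network.prefixlen < min_prefix:
            # A very broad exclude (0.0.0.0 0.0.0.0 at the extreme) sends
            # most traffic around the tunnel.
            problems.append(f"{net} {mask}: broader than /{min_prefix}")
            continue
        routes.append(network)
    return routes, problems


if __name__ == "__main__":
    # Constructed sample: Example-3 from the script header plus two bad pairs.
    sample = ("10.0.0.0 255.0.0.0 192.168.17.0 255.255.255.0 "
              "192.168.24.25 255.255.255.255 0.0.0.0 0.0.0.0 "
              "192.168.17.5 255.255.255.0").split()
    ok, bad = check_exclude_args(sample)
    print("accepted:", [str(n) for n in ok])
    print("rejected:", bad)
```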
Example: Mount a Network Share on Windows Endpoints
To mount a network share after establishing a VPN connection, reference the following script from a command registry entry for a post-vpn-connect event:
@echo off
REM Mount filer1 to Z: drive
net use Z: \\filer1.mycompany.local\share /user:mycompany\user1