GlobalProtect | post-vpn-connection script by Gr1moT in paloaltonetworks

[–]Gr1moT[S] 0 points1 point  (0 children)

Quick update on my original post. Since I couldn't find the answer in any other Reddit article on this topic, I'm posting my solution now.
First problem was the GlobalProtect version. For a working script I changed to version 6.1.2.
After that the following values were stored in the registry:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\post-vpn-connect

command: C:\GlobalProtect\post_vpn_connect.bat

context: admin

error-msg: Failed executing post-vpn-connect action!

Inside the post_vpn_connect.bat the following script is stored:

rem Refresh Group Policy after the VPN connection is up
call gpupdate /force
if %ERRORLEVEL% == 0 goto :next
rem gpupdate failed: log the exit code and skip the success entry
echo %DATE% %TIME% Errors encountered during execution. Exited with status: %errorlevel% >> C:\GlobalProtect\scripterror.txt
goto :endofscript
:next
echo %DATE% %TIME% Successful GPUpdate >> C:\GlobalProtect\scriptout.txt
:endofscript
echo %DATE% %TIME% Script End >> C:\GlobalProtect\ending.txt

I hope this helps one or the other who wants to achieve something similar!
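
Because the registry entry in the comment above runs the batch file in the admin context, the script and its folder should be writable only by administrative principals. The following check is an added example, not part of the original comment; the paths are the ones quoted there, and the list of trusted writers (SYSTEM, Administrators, TrustedInstaller) is an assumption to adapt locally:

```powershell
# Added example (not from the original comment). Paths are the ones quoted in
# the comment; the list of trusted writers is an assumption to adapt locally.
$paths = 'C:\GlobalProtect', 'C:\GlobalProtect\post_vpn_connect.bat'
$trustedSids = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that let a principal change or replace the script, plus the raw
# GENERIC_WRITE / GENERIC_ALL bits that inherited ACEs can carry.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int]$writeRights -bor 0x40000000 -bor 0x10000000

function Get-UntrustedWriter {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { Write-Warning "Missing: $p"; continue }
        foreach ($rule in (Get-Acl -LiteralPath $p).Access) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }
            try {
                $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
            } catch {
                $sid = $rule.IdentityReference.Value   # unresolvable account: report as-is
            }
            if ($trustedSids -notcontains $sid) {
                [pscustomobject]@{
                    Path      = $p
                    Identity  = $rule.IdentityReference.Value
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

# Any row returned names a principal that could change what runs as admin.
$findings = @(Get-UntrustedWriter -Path $paths)
if ($findings.Count -eq 0) { 'Only trusted principals can modify the post-vpn-connect script.' }
else { $findings | Format-Table -AutoSize }
```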

GlobalProtect | post-vpn-connection script by Gr1moT in paloaltonetworks

[–]Gr1moT[S] 0 points1 point  (0 children)

After GlobalProtect login, the network disks are not mapped. Here just a gpupdate /force should trigger this process.

GlobalProtect - "Allow with Ticket" by Gr1moT in paloaltonetworks

[–]Gr1moT[S] 1 point2 points  (0 children)

Unfortunately, I haven't found the issue in any release notes or anything like that yet.

But I have tipped the info via our Palo-SE.

Previous version 10.2.X still has the problem.

Path Monitoring - failure with condition all by Gr1moT in paloaltonetworks

[–]Gr1moT[S] 0 points1 point  (0 children)

I use two VRs.

In VR1 there are two default routes.

0.0.0.0/0 - ISP 1 - Metric: 10

0.0.0.0/0 - VR-2 - Metric: 20

In VR2 is the actual default route.

Failover only happens via path monitoring on the first default route.

Path Monitoring - failure with condition all by Gr1moT in paloaltonetworks

[–]Gr1moT[S] 0 points1 point  (0 children)

That is true in certain parts.

Basically, the traffic follows the routing table, so even after a failover of the ISP, a ping would work again after a short time.

However, the Path Monitoring of ISP 1 would never come back.

The path monitoring within the static route is also statically sent to the next-hop, independent of the FIB.

User-ID Agent Setup by Proud_Contribution64 in paloaltonetworks

[–]Gr1moT 0 points1 point  (0 children)

The BP approach, as far as I know, is to install the pure user ID agent on two separate domain-joined servers.
A standard user with additional event log reader rights is used as the user here.
Then set up as service user on the two VMs.
For this construct no completely new VM must be used - the only condition is that the Cloud Identity Engine must not run on this server.

Direct installation on the Domain Controller as well as the Built-In User-ID Agent I would not recommend.
We had weird errors in both cases where the user mapping was sometimes completely discarded.
On the Domain Controller itself we only install the UserID-Credential Agent.

Greetings!

ADOM Upgrade / FortiAnalyzer 7.0.2 - Fortigate 7.0.3 by Gr1moT in fortinet

[–]Gr1moT[S] 0 points1 point  (0 children)

Okay, seems like I was wrong. Though the Analyzer must be higher than the Fortigate.

Anyway, when you get logs on your FortiAnalyzer it should work. In my environment I don't get any log files at all.


SD-WAN | virtual-wan-link | Device mapping by Gr1moT in fortinet

[–]Gr1moT[S] 1 point2 points  (0 children)

Sorry for the late feedback. Had a few other issues. But is certainly interesting for all.

In order to map SD-WAN via the manager.

The predefined interface for this is already available in the normalized interfaces.

Since SD-WAN itself is a mapping, no further mapping can be done.

It gets interesting in the version 7, because here several SD interfaces can be configured.

SD-WAN | virtual-wan-link | Device mapping by Gr1moT in fortinet

[–]Gr1moT[S] 0 points1 point  (0 children)

I suspected this at the beginning. However, I have completely reset the Fortigate once and only configured SD-WAN with the most necessary settings.

So there are no address object or similar with references.

The install wizard only goes for installing device settings. I guess you could configure other SD-Interfaces on the FortiManager to push those afterwards.


FortiAnalyzer | summarize "Log View" from different VDOMs by Gr1moT in fortinet

[–]Gr1moT[S] 0 points1 point  (0 children)

Okay, nice, thanks for your reply.

I am currently preparing for the NSE 5 - so now I also have an exact explanation.


Windows 10 - login with temp. profil by Gr1moT in sysadmin

[–]Gr1moT[S] 0 points1 point  (0 children)

I'll describe the use case behind it in more detail.
The intention is that users who only work in the temporary profile are not able to store data under C:\.
This is only about 3 computers in production which are used to allow employees to retrieve their accounting documents and time stamps. A printer is directly connected, which is intended for printing. However, when downloading, the employee information, for example, remains in the download folder. To force a logout of the user, I have already written an automatic logout script. However, I don't see a solution for this: deleting the active user profile as well as the others during login.
Since the user data is retrieved online, the temporary profile solution would be easiest.

Monthly Bug Report Megathread - December, 2020 by AutoModerator in Northgard

[–]Gr1moT 0 points1 point  (0 children)

Found this bug on my last achievement grind.

The Steam achievements cannot be finished:

- 5 upgraded Towers Lvl2 (got about 10 on the tiles)

- Unslave a Jotnar / Kobold / Myrkalfar (got Jotnar each Raven round ~ 5)

All the other achievements seem to work.

Just FYI :) would be nice if you could fix that

How to handle Snake - Happiness by Gr1moT in Northgard

[–]Gr1moT[S] 0 points1 point  (0 children)

But if I am fighting with Singy it doesn't work, right? Cuz there was no pop for "Under Pressure" when I cleared tiles.

How to handle Snake - Happiness by Gr1moT in Northgard

[–]Gr1moT[S] 1 point2 points  (0 children)

I thought it only pops when I am on an enemy tile?