This article will demonstrate how to install and use Palo Alto GlobalProtect ZTNA/VPN, which is required to access certain shared drives or services required by Deakin.
Table of Contents
Installation Instructions
- Download the software from https://software.deakin.edu.au/2025/12/02/palo-alto-globalprotect/
- Install the software, see the document from Palo Alto below for more information
Download and Install the GlobalProtect App for Linux
| NOTE: Due to the vast amount of Linux distributions and Desktop environments, the GUI version of the Global protect application may not be available, so please refer to the CLI installation instructions if unavailable. Also refer to the troubleshooting section, for addition assistance. |
Using GlobalProtect
| NOTE: ZTNA/VPN services require you to use Multi Factor Authentication (MFA). |
- To use the GUI version of the GlobalProtect app for Linux, search for and open 'GlobalProtect'
- Open the GlobalProtect, enter the Portal address: 'ztna.deakin.edu.au', then click "Connect".
- A pop-up window will appear. Enter your Deakin Username, and your Deakin Password.
Select 'Approve with DUO' to verify your identity, then it pushes notification to your smartphone DUO app to get approval.
- A notification will pop up on your screen to Approve or Reject. Hit the green tick (Approve)
- If your smartphone does not have Internet connectivity and is not connected to a Wi-Fi network, you can use a Duo Mobile passcode.
Select 'Other Options' on the Duo Push page, then choose 'Duo Mobile passcode'
Select "Enter a Passcode” and enter the generated 6-digit passcode on your phone in the Passcode field.
To generate the passcode on your phone
- When the home screen appears, verify that your connection has established successfully. If the connection is successful, the home screen displays the CONNECTED state.
By default, user will be connected to 'Best Available Gateway' automatically.
The GlobalProtect uses a network discovery method to select the best available gateway from the multiple available gateway options ('ZTNA-Gateway-BW' and 'ZTNA-Gateway-WF').
GlobalProtect attempts to communicate with all the gateways and uses criteria such as gateway priority, load, and response time from each gateway to determine which is the best available gateway
- User will be connected to one of the gateways ('ZTNA-Gateway-BW' or 'ZTNA-Gateway-WF') as the 'Best Available Gateway'. Both of them are unencrypted gateway.
If you need to connect to encrypted gateway, click 'Change Gateway' then select the 'ZTNA-Encrypted-Gateway'
Unencrypted access is for the user on a "Trusted" Wi-Fi network such as your home Wi-Fi.
Encrypted access is for the user on public Wi-Fi or working overseas. - If you need to disconnect, you can TAP TO DISCONNECT from the hamburger menu.
Next time you need to connect to the ZTNA/VPN, please be aware you will be prompted to sign in again.
Troubleshooting
|
NOTE: GlobalProtect via the provided installation script supports the following configurations: Ubuntu 14, 16 and above, but not including 18, Red hat, Fedora, Rocky and Centos for X86, ARM and AARCH64 platforms. GUI: Wayland graphical back-end is not fully supported. |
Unsupported distributions
- Attempt to install directly via the provided DEB and RPM packages
- Install the CLI edition of GlobalProtect via the provided DEB and RPM packages
- Install "Openconnect" package which supports the GlobalProtect protocol and its counterpart GUI supported package "Network Manager"
Wayland graphics back-end
- Switch back to Xorg/X11 graphical backend
- Install the CLI edition of GlobalProtect
- Install "Openconnect" package which supports the GlobalProtect protocol and its counterpart GUI supported package "Network Manager"
Successful connection via GlobalProtect CLI, however, unable to access internal Deakin resources
- This is currently known to effect the following OSes:
Debian 13 (Trixie)
To resolve: Install the systemd-resolved package
sudo apt update
sudo apt install systemd-resolved
sudo systemctl enable systemd-resolved --now