Script Deployment Options
Focus
Focus
GlobalProtect

Script Deployment Options

Table of Contents
End-of-Life (EoL)

Script Deployment Options

The following table displays options that enable GlobalProtect to initiate scripts before and after establishing a connection and before disconnecting. Because these options are not available in the portal, you must define the values for the relevant key—either pre-vpn-connect, post-vpn-connect, or pre-vpn-disconnect—from the Windows registry or macOS plist. For detailed steps to deploy scripts, see Deploy Scripts Using the Windows Registry, Deploy Scripts Using Msiexec, or Deploy Scripts Using the macOS Plist.
Table: Customizable Script Deployment Options
Portal Agent Configuration
Windows Registry/macOS Plist
Msiexec Parameter
Default
Execute the script specified in the command setting (including any parameters passed to the script).
Environmental variables are supported.
Specify the full path in commands.
command <parameter1> <parameter2> [...]
Windows example:
command %userprofile%\vpn_script.bat c: test_user
macOS example:
command $HOME/vpn_script.sh /Users/test_user test_user
PREVPNCONNECTCOMMAND= ”<parameter1> <parameter2> [...]”
POSTVPNCONNECTCOMMAND= ”<parameter1> <parameter2> [...]”
PREVPNDISCONNECTCOMMAND= ”<parameter1> <parameter2> [...]”
n/a
(Optional) Specify the privileges under which the command(s) can run (default is user: if you do not specify the context, the command runs as the current active user).
context admin | user
PREVPNCONNECTCONTEXT= ”admin | user”
POSTVPNCONNECTCONTEXT= ”admin | user”
PREVPNDISCONNECTCONTEXT= ”admin | user”
user
(Optional) Specify the number of seconds the GlobalProtect app waits for the command to execute (range is 0-120). If the command does not complete before the timeout, the app proceeds to establish a connection or disconnect. A value of 0 (the default) means the app does not wait to execute the command.
Not supported for post-vpn-connect.
timeout <value>
Example:
timeout 60
PREVPNCONNECTTIMEOUT= ”<value>
PREVPNDISCONNECTTIMEOUT= ”<value>
0
(Optional) Specify the full path of a file used in a command. The GlobalProtect app verifies the integrity of the file by checking it against the value specified in the checksum key.
Environmental variables are supported.
file <path_file>
PREVPNCONNECTFILE= ”<path_file>
POSTVPNCONNECTFILE= ”<path_file>
PREVPNDISCONNECTFILE= ”<path_file>
n/a
(Optional) Specify the sha256 checksum of the file referred to in the file key. If the checksum is specified, the GlobalProtect app executes the command(s) only if the checksum generated by the GlobalProtect app matches the checksum value specified here.
checksum <value>
PREVPNCONNECTCHECKSUM= ”<value>
POSTVPNCONNECTCHECKSUM= ”<value>
PREVPNDISCONNECTCHECKSUM =”<value>
n/a
(Optional) Specify an error message to inform the user that either the command(s) cannot be executed or the command(s) exited with a non-zero return code.
The message must be 1,024 or fewer ANSI characters.
error-msg <message>
Example:
error-msg Failed executing pre-vpn-connect action!
PREVPNCONNECTERRORMSG= ”<message>
POSTVPNCONNECTERRORMSG= ”<message>
PREVPNDISCONNECTERRORMSG =”<message>
n/a