Simple script that starts and stops GlobalProtect.app on Mac OSX.

global-protect.sh

#!/bin/bash

case $# in
   0)
      echo "Usage: $0 {start|stop}"
      exit 1
      ;;
   1)
      case $1 in
         start)
            echo "Starting GlobalProtect..."
            launchctl load /Library/LaunchAgents/com.paloaltonetworks.gp.pangpa.plist
            launchctl load /Library/LaunchAgents/com.paloaltonetworks.gp.pangps.plist
            echo "Done!"
            ;;
         stop)
            echo "Stopping GlobalProtect..."
            launchctl remove com.paloaltonetworks.gp.pangps
            launchctl remove com.paloaltonetworks.gp.pangpa
            echo "Done!"
            ;;
         *)
            echo "'$1' is not a valid verb."
            echo "Usage: $0 {start|stop}"
            exit 2
            ;;
      esac
      ;;
   *)
      echo "Too many args provided ($#)."
      echo "Usage: $0 {start|stop}"
      exit 3
      ;;
esac

@kaleksandrov thank you, I understand that. However, do you think it would be possible, seeing that some of the scripts above are using the click functionality?

This is a easier version that works for me in macOS Sonoma

vpn() {
    if [ "$1" = "stop" ]; then
        launchctl bootout gui/$(id -u) /Library/LaunchAgents/com.paloaltonetworks.gp.pangps.plist > /dev/null 2>&1
        launchctl bootout gui/$(id -u) /Library/LaunchAgents/com.paloaltonetworks.gp.pangpa.plist > /dev/null 2>&1
        echo "VPN unloaded"
    elif [ "$1" = "start" ]; then
        #statements
        launchctl bootstrap gui/$(id -u) /Library/LaunchAgents/com.paloaltonetworks.gp.pangps.plist
        launchctl bootstrap gui/$(id -u) /Library/LaunchAgents/com.paloaltonetworks.gp.pangpa.plist
        echo "VPN loaded"
    fi
}

I adapted the script to kill globalprotect icon in tray on stop and open globalprotect app when start :

# Add the function below to your .zsh_env or .bash_profile
# Usage : globalprotect start or globalprotect stop

globalprotect() {
    if [ "$1" = "stop" ]; then
        launchctl bootout gui/$(id -u) /Library/LaunchAgents/com.paloaltonetworks.gp.pangps.plist > /dev/null 2>&1
        launchctl bootout gui/$(id -u) /Library/LaunchAgents/com.paloaltonetworks.gp.pangpa.plist > /dev/null 2>&1
        PID="$(launchctl list | grep palo | cut -f 1)"

        # Kill the processes IDs only if found
        if [ ! -z "$PID" ]; then
                kill -9 $PID
        fi

        echo "VPN unloaded"
    elif [ "$1" = "start" ]; then
        launchctl bootstrap gui/$(id -u) /Library/LaunchAgents/com.paloaltonetworks.gp.pangps.plist
        launchctl bootstrap gui/$(id -u) /Library/LaunchAgents/com.paloaltonetworks.gp.pangpa.plist
        open -a /Applications/GlobalProtect.app
        echo "VPN loaded"
    fi
}

Just to share:

Here is my version of start / stop script

# echo "START"
# set -e
# set -x

PORTAL="vpn.nios.net"
MAX_ATTEMPTS=10
SLEEP_INTERVAL=5
WAIT_FOR_APP_TO_BE_READY=5
WAIT_FOR_CONNECTION=15

function check_setup() {
    if [ ! -e "/Applications/GlobalProtect.app" ]; then
        echo "GlobalProtect app is not installed."
        exit 1
    fi

    if [ ! -e "/Library/LaunchAgents/com.paloaltonetworks.gp.pangps.plist" ] || [ ! -e "/Library/LaunchAgents/com.paloaltonetworks.gp.pangpa.plist" ]; then
        echo "GlobalProtect launch agents are not properly set up."
        exit 1
    fi
}

function ensure_app_running() {
    for ((i=1; i<=$MAX_ATTEMPTS; i++)); do
        if osascript -e 'tell application "System Events" to (name of processes) contains "GlobalProtect"' &>/dev/null; then
            sleep $WAIT_FOR_APP_TO_BE_READY
            return 0
        fi
        echo "Waiting for GlobalProtect app to start..."
        sleep $SLEEP_INTERVAL
    done

    echo "Failed to start GlobalProtect app."
    exit 1
}

function start_vpn() {
    echo -e "\nStarting GlobalProtect...\n"
    launchctl bootstrap gui/$(id -u) /Library/LaunchAgents/com.paloaltonetworks.gp.pangps.plist
    launchctl bootstrap gui/$(id -u) /Library/LaunchAgents/com.paloaltonetworks.gp.pangpa.plist

    ensure_app_running

    connect_vpn

    sleep $WAIT_FOR_CONNECTION

    if check_vpn_status; then
        echo -e "\nVPN is connected to $PORTAL\n"
        return 0
    fi

    for ((i=1; i<=$MAX_ATTEMPTS; i++)); do
        connect_vpn
        sleep $SLEEP_INTERVAL
        if check_vpn_status; then
        echo -e "\nVPN is connected to $PORTAL\n"
            return 0
        fi
    done

    echo -e "\nFailed to connect to VPN after $MAX_ATTEMPTS attempts\n"
    exit 1
}

function connect_vpn() {
    osascript <<EOF &>/dev/null
    tell application "System Events"
        tell process "GlobalProtect"
            if not (exists window 1) then
                click menu bar item 1 of menu bar 2 -- Activates the GlobalProtect "window" in the menubar
                delay 2 -- Wait for 2 seconds
            end if
            set frontmost to true -- keep window 1 active
            tell window 1
                if exists (first button whose title is "Connect") then
                    tell (first button whose title is "Connect") to if exists then click
                end if
            end tell
        end tell
    end tell
EOF
}

function check_vpn_status() {
    VPN_STATUS=$(osascript <<EOF 2>/dev/null
    tell application "System Events"
        tell process "GlobalProtect"
            set frontmost to true -- keep window 1 active
            tell window 1
                if exists (first button whose title is "Disconnect") then
                    return "Connected"
                else
                    return "Not Connected"
                end if
            end tell
        end tell
    end tell
EOF
    )
    echo "VPN status: $VPN_STATUS"
    if [ "$VPN_STATUS" == "Connected" ]; then
        return 0
    elif [ "$VPN_STATUS" == "Not Connected" ]; then
        return 1
    else
        return 1
    fi
}
function stop_vpn() {
    echo -e "\nStopping GlobalProtect...\n"

    if ! launchctl bootout gui/$(id -u) /Library/LaunchAgents/com.paloaltonetworks.gp.pangps.plist 2>/dev/null || \
       ! launchctl bootout gui/$(id -u) /Library/LaunchAgents/com.paloaltonetworks.gp.pangpa.plist 2>/dev/null; then
        echo "Failed to bootout as current user, trying with sudo..."
        sudo launchctl bootout gui/$(id -u) /Library/LaunchAgents/com.paloaltonetworks.gp.pangps.plist 2>/dev/null
        sudo launchctl bootout gui/$(id -u) /Library/LaunchAgents/com.paloaltonetworks.gp.pangpa.plist 2>/dev/null
    fi

    PIDS=$(launchctl list | grep -E 'com\.paloaltonetworks\.gp\.pangpa|com\.paloaltonetworks\.gp\.pangps' | awk '{print $1}')
    if [ ! -z "$PIDS" ]; then
        echo "Killing GlobalProtect processes..."
        for PID in $PIDS; do 
            if sudo kill -9 $PID; then
                echo "Killed process $PID"
            else
                echo "Failed to kill process $PID"
            fi
        done
    fi

    echo -e "\nVPN stopped\n"
}

case $1 in
    start)
        check_setup
        start_vpn
        ;;
    stop)
        stop_vpn
        ;;
    *)
        echo "'$1' is not a valid verb."
        echo "Usage: $0 {start|stop}"
        exit 1
        ;;
esac

I adapted the script to kill globalprotect icon in tray on stop and open globalprotect app when start :

@damosse31 THANK YOU! That's exactly what I was looking for and it works perfectly on macOS Sonoma and GlobalProtect 6.1.4 🫶

I adapted the script to kill globalprotect icon in tray on stop and open globalprotect app when start :

@damosse31 Thanks, it works perfectly!

macOS Ventura 13.6.6 & GlobalProtect Version: 5.2.13-48

@githubrobbi Thanks for the clearly written code, I adapted your script's connect_vpn function!

As my org requires manual user name and password entry plus a 2FA, I added rudimentary scripts to advance the GP login screens and entering those values via blind keystrokes. The 2FA key is generated by a separate python script that returns the TOTP value using the python lib pyotp by printing it within the python function, and again entering those value via blind keystrokes.

There are definitely better ways to not hardcode the user name, password, and TOTP secret key as well as advancing the screen based on the available buttons rather than blind keystrokes... but it got too late at night and this works for now. Would love it if someone can improve upon it!

MacOS Sonoma 14.7.1 (23H222) & GlobalProtect 6.2.1-132

.zshenv

function vpn() {
    osascript <<EOF &>/dev/null
    tell application "System Events"
	tell process "GlobalProtect"
		if not (exists window 1) then
			click menu bar item 1 of menu bar 2 -- Activates the GlobalProtect "window" in the menubar
			delay 2 -- Wait for 2 seconds
		end if
		set frontmost to true -- keep window 1 active
		tell window 1
			if exists (first button whose title is "Connect") then
				tell (first button whose title is "Connect") to if exists then click
			end if
			
			delay 3
			set textToType to "USERNAME"
			keystroke textToType
			keystroke "	"
			set textToType to "PASSWORD"
			keystroke textToType
			if exists (first button whose title is "Connect") then
				tell (first button whose title is "Connect") to if exists then click
			end if
			
		end tell
		
		delay 10
		set totp to do shell script "python $HOME/TOTP.py"
		keystroke totp
		keystroke return
		-- if exists (first button whose title is "Verify") then
		-- 	tell (first button whose title is "Verify") to if exists then click
		-- end if
		
	end tell
end tell
EOF
}

TOTP.py

import pyotp

secret_key = "SECRET_KEY"

def getToken(secret_key):
    totp = pyotp.TOTP(secret_key)
    token = totp.now()
    print(token) # This is what's returning the value in a shell script execution
    # return token

getToken(secret_key)

Special thanks to @kaleksandrov for starting this gist!