GlobalProtect on Linux, error 512, MFA

Hi there.

So, I just started working for a new client who uses GlobalProtect. After some googling, I found that it’s supported out-of-the-box by NetworkManager via openconnect.

Just that it doesn’t work for me.

When trying to connect on the CLI, the error is a 512 Custom Error.

Again, some googling showed that some could resolve this issue by explicitly adding /gateway to their endpoint, or by providing --usergroup gateway. This does not solve the issue for me.

So, as a last resort, I thought I’d install the proprietary GlobalProtect client. Easier said than done: they don’t even provide their client as a public download. Suspicious for an alleged secure application!

Instead, they state to “Obtain the app package from your IT administrator” or to download it from the portal download page, just that even their own screenshots in the docs don’t even list a client for Linux. It doesn’t exist in my client’s portal either.

So what can I do?

Might my error 512 have to do with the client’s incapability to redirect to a multi-factor authentication site? My client uses PingID.

Thanks for any help, or maybe some insights into why a provider would not offer their packages publicly.