I use Palo Alto Networks GlobalProtect VPN on my Mac at home to VPN into our corporate office. We use two-factor authentication via client certificates, in my case I have a YubiKey USB device that holds the certificate needed for the VPN to connect.

Unfortunately, it appears that sporadically the GlobalConnect VPN simply won’t connect, and does not error with a sensible message, after clicking “Connect” it attempts to retrieve configuration before quickly failing silently. Only after I reboot does it start working again, which is frustrating.

Researching PAN documentation and logs didn’t help much, instead I found that unloading and reloading the GlobalProtect daemons did the trick without requiring a reboot. You can stick this into a script and run it when the VPN is failing to connect:

1) Open a text edit and paste the following:

!/bin/bash
echo "Stopping GlobalProtect..."
launchctl remove com.paloaltonetworks.gp.pangps
launchctl remove com.paloaltonetworks.gp.pangpa
echo "Done!"
sleep 3
echo "Starting GlobalProtect..."
launchctl load /Library/LaunchAgents/com.paloaltonetworks.gp.pangpa.plist
launchctl load /Library/LaunchAgents/com.paloaltonetworks.gp.pangps.plist
echo "Done!"
exit 0

2) Save the file with your preferred name e.g. RestartVPN without a file extension

3) Open a terminal, and run the following to make the file an executable:

chmod 700 RestartVPN
4) You can now run the file by double-clicking, or from the terminal via:

./RestartVPN