Skip to main content
Jamf Nation, hosted by Jamf, is a knowledgeable community of Apple-focused admins and Jamf users. Join us in person at the ninth annual Jamf Nation User Conference (JNUC) this November for three days of learning, laughter and IT love.

How to restart the global protect VPN agent.

So we use the Global Protect client for our vpn. One of the issues we have with this is that the thing seems to loose the ability to reconnect after being constantly suspended or put to sleep by our laptop users.

Its not enough to kill the process to get it running again, you have to unload and reload the daemons to get it running again.

One of the Devops guys (Scott) I work with made this little script to do just that;


echo "Stopping GlobalProtect..." launchctl remove launchctl remove echo "Done!"

echo "Starting GlobalProtect..." launchctl load /Library/LaunchAgents/ launchctl load /Library/LaunchAgents/ echo "Done!"

exit 0

Hope it helps someone out there.

Like Comment
Order by:
SOLVED Posted: by franton


Just to warn you, this launchctl commands you're using are marked as "legacy" now. They'll work on Sierra currently, but not forever. Have a look at the man page for more details.

SOLVED Posted: by CypherCookie


Thats always good to know!

I'll be sure to look into the new way apple are gonna make me do this!

SOLVED Posted: by skinford

@CypherCookie, Good Morning,

We have moved to Global Protect in our college environment. I apologize for asking this but what is the process to download the AD certificate on the mac automatically which in our environment gets switched out on a regular basis? Before this, we were using Cisco VPN and it was just an install that we used for a long time. At this point, they switched off Cisco and I currently have no VPN access but need it to manage our Macs. Currently, I have the MacBook in the AD, the Global Protect software installed on the MacBook and need to figure out how to get the certificate to download from AD regularly.

Thank you for your time in this matter. Have a very great day!

SOLVED Posted: by CypherCookie

Hi @skinford the certificate is deployed by the SCEP server which we set up before the vpn goes live. To get that working, the certificate was pre-installed via a secure build lan connection which has a direct connection with the JSS & SCEP server.

SOLVED Posted: by skinford

Thanks @CypherCookie I think we need to install a Casper plugin for that, but before that our servers need to be Windows 2016, we're still on 2012 and not sure they're moving up yet for us, so I'm sort of stuck in stall mode for the time being.

Appreciate the assistance, have a very great day today!

SOLVED Posted: by CypherCookie

pretty sure there is no plugin to be configured. You just point to the server you want in the config profile and it should do the authentication for the user.

side note : user accounts need to be mdm enabled to get the profiles working as they are a per user profile not device.