Hi everyone,
I’m working in a corporate environment that’s just switched entirely from Cisco AnyConnect VPN to GlobalProtect. I have a small software package, written for Windows 10 users who don’t necessarily know much about tech, that previously checked VPN status because our corporate VPN is slow. When the VPN was connected, the software introduced extra sleep time to make up for a poor connection and a process that didn’t feed back when it was complete. I’m also not a professional dev, just a smalltime Python writer, so please feel free to overexplain. 
With Cisco, I could simply run [path/to/Cisco]/vpncli.exe state, and it would return whether the VPN was disconnected. I’m struggling to do something similar with GlobalProtect. I’ve found a bunch of log files like PanGPA.log which I guess I could read in, but that seems non-ideal.
I guess my other option is to include a check box for “I’m on VPN” that the user would have to tick! Would prefer to avoid that… thanks for any insights!
You can print the route table of a machine and grep for a route entry you expect to only see while connected to the vpn - if the entry is found the vpn is connected
You can also make an api call to the firewall to query if a specific user is connected
So, in Powershell:
Test-ComputerSecureChannel
Will tell if your Domain joined device is ‘on Domain’. If “on VPN” means “on Domain”, then that might work.
You can also like… do the good old DNS lookup? Lookup your Domain name? If it returns a good value/is pingable? Good to go.
Those aren’t GREAT solutions, but I use both in a lot of my horrible “Client Health” type Powershell scripts, that need to detect Domain (and by virtue, Palo state).
I’ve never tried it, and it might not work great due to the NIC being more ‘tricky’, but something like this too:
https://devblogs.microsoft.com/scripting/powertip-use-powershell-to-show-network-adapter-status/
And then parse through the Palo NIC?
I like the good old DNS lookup/ping network service/etc personally, just make sure to timeout or you’ll hang on VPN disconnect depending on how you implement. Some python clients will just hang.
