-
-
Save enxt/1e6aeaabdb5b3ab5461ee8d01b20d0aa to your computer and use it in GitHub Desktop.
PowerShell script to remove unwanted "full tunnel" Palo Alto GlobalProtect VPN routes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Description name of the GlobalProtect interface | |
| $gp_iface = "PANGP Virtual Ethernet Adapter" | |
| # Routes to remove from the GlobalProtect interface | |
| $bad_routes = @( | |
| '0.0.0.0/0', | |
| '10.1.10.0/24', | |
| '10.1.10.255/32', | |
| '172.16.100.0/24', | |
| '192.168.1.0/24') | |
| # How many loops used to remove routes. | |
| # GlobalProtect will re-add routes if this value is too low. | |
| $loop_count = 5 | |
| # Sleep time per loop, in seconds (decimal) | |
| $sleep_time = 1 | |
| Write-Output "Finding GlobalProtect interface index..." | |
| $gp_idx = (Get-NetAdapter -InterfaceDescription $gp_iface).IfIndex | |
| Write-Output "GlobalProtect interface index: $gp_idx" | |
| Write-Output "Dumping GlobalProtect routes..." | |
| Get-NetRoute -InterfaceIndex $gp_idx | |
| Write-Output "Removing bad routes..." | |
| For ($i = 0; $i -le $loop_count; $i++ ) { | |
| foreach ($route in $bad_routes ) { | |
| try { | |
| Remove-NetRoute -DestinationPrefix $route -InterfaceIndex $gp_idx -Confirm:$false -ErrorAction Stop | |
| Write-Output "+ Deleted route: $route" | |
| } | |
| catch { } | |
| } | |
| Start-Sleep -Seconds $sleep_time | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment