PA – How to get a listing of GlobalProtect users
To create an exportable report of previously logged-in users, go to Monitor > Logs > System and filter on:
(eventid eq globalprotectportal-config-succ) and (receive_time in last-calendar-month)
Login and logout information for users also comes from the system log.
To collect an activity report for a particular GlobalProtect user, set the filter to:
( subtype eq globalprotect ) and ( description contains 'Name of the user' )
To view only login events, add the filter ( description contains 'user login' ).
Similarly, for logout events, use 'user logout'.
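The same filters can be applied offline to a system-log export to pair each login with its logout. The following is an added example, not part of the original note; the CSV column names, timestamp format, description wording and user names are constructed assumptions to adjust to your own export.

```python
import csv
import io
from datetime import datetime

# Constructed sample export. Column names, timestamp format and description
# wording are assumptions; adjust them to match your own CSV.
SAMPLE_CSV = '''Receive Time,Subtype,Description
2024/05/01 08:02:11,globalprotect,GlobalProtect gateway user login succeeded. User name: alice
2024/05/01 08:15:40,globalprotect,GlobalProtect gateway user login succeeded. User name: bob
2024/05/01 09:30:00,general,Config commit by admin alice
2024/05/01 12:32:11,globalprotect,GlobalProtect gateway user logout succeeded. User name: alice
2024/05/02 07:55:03,globalprotect,GlobalProtect gateway user login succeeded. User name: alice
'''

def user_events(csv_text, username):
    """Apply the filters above: subtype eq globalprotect, description contains
    the user name, then classify by 'user login' / 'user logout'."""
    events = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        desc = row["Description"]
        # 'contains' semantics, as in the log filter: a short name also
        # matches longer names that include it.
        if row["Subtype"] != "globalprotect" or username not in desc:
            continue
        kind = ("login" if "user login" in desc
                else "logout" if "user logout" in desc else None)
        if kind:
            when = datetime.strptime(row["Receive Time"], "%Y/%m/%d %H:%M:%S")
            events.append((when, kind))
    return sorted(events)

def sessions(events):
    """Pair each login with the next logout. A login with no logout gets
    end=None (still connected, or the logout is not in the export)."""
    result, start = [], None
    for when, kind in events:
        if kind == "login":
            if start is not None:
                result.append((start, None))
            start = when
        elif start is not None:
            result.append((start, when))
            start = None
    if start is not None:
        result.append((start, None))
    return result

if __name__ == "__main__":
    for begin, end in sessions(user_events(SAMPLE_CSV, "alice")):
        print(begin, "->", end or "no logout seen", (end - begin) if end else "")
```
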
From the CLI:
>show global-protect-gateway current-user
In the output, ESP means GlobalProtect is using IPsec; SSL means GlobalProtect is using SSL.
>show global-protect-gateway previous-user
Or, for a particular gateway:
>show global-protect-gateway current-user gateway "gatewayName"
>show global-protect-gateway previous-user gateway "gatewayName"