Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
How to Remote Disconnect SSL-VPN or GlobalProtect Users - Knowledge Base - Palo Alto Networks

How to Remote Disconnect SSL-VPN or GlobalProtect Users

112583
Created On 09/25/18 19:38 PM - Last Modified 04/13/23 03:05 AM


Symptom


This article describes how to remote disconnect GlobalProtect users in Palo Alto Networks



Environment


  • PAN-OS 8.1 and above.
  • Palo Alto Firewall.
  • GlobalProtect Configured.


Resolution


Once the user is connected using the GlobalProtect Client, the following options can be used to force a disconnect remotely from the firewall management.

GUI:

  1. Go to Network > GlobalProtect > Gateways
  2. Click on Remote Users
  3. Find the Logout option under the Current User in the last column
  4. Click on the Red icon to disconnect the user

GP-remote-logout.PNG

 

From the CLI:

To force logout all GlobalProtect users

> request global-protect-gateway client-logout-all

 

To force logout individual user

> request global-protect-gateway client-logout user <username> gateway <gateway name> reason force-logout computer <computer-name>
example:
> request global-protect-gateway client-logout user sndp gateway GP reason force-logout computer DESKTOP-U34SJ9Q
 

For Prisma access where GlobalProtect on Cloud is managed by the Panorma, 

  1. GUI: Panorama > Cloud Service > Status
  2. Under Moble Users tab, Click on Current Users
  3. Select the user and click Logout
GP Cloud Service

Current Users


Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClamCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language