This document is intended to provide a list of GlobalProtect CLI commands on gateway to display sessions, users and statistics.
Environment
PAN-OS 8.1, 9.0
Palo Alto Firewall.
GlobalProtect Configured.
Resolution
Below is a list of commands for “> show global-protect-gateway” that are currently available: (Each give specific information that will be valuable depending on what is being examined)
Command
Description
current-satellite
Show current GlobalProtect gateway satellites
current-user
Show current GlobalProtect gateway users
flow
Show dataplane GlobalProtect gateway tunnel information
flow-site-to-site
Show dataplane GlobalProtect site-to-site gateway tunnel information
gateway
Show list of GlobalProtect gateway configuration
previous-satellite
Show previous GlobalProtect gateway satellites
previous-user
Show previous user session for GlobalProtect gateway users
statistics
Show statistics of current GlobalProtect gateway users
Examples
Some of the commands are listed below with the expected outputs.
> show global-protect-gateway flow
total tunnels configured: 1
filter - type GlobalProtect-Gateway, state any
total GlobalProtect-Gateway tunnel shown: 1
id name local-i/f local-ip tunnel-i/f
-----------------------------------------------------------------------------------------------
2 gp-gateway-N ethernet1/3 10.30.6.26 tunnel.26
> show global-protect-gateway current-user
GlobalProtect Gateway: gp-gateway (1 users)
Tunnel Name : gp-gateway-N
Domain-User Name : :test
Computer : HOST17-WIN7-64
Client : Microsoft Windows 7 Enterprise Edition Service Pack 1, 64-bit
Private IP : 172.16.148.1
Public IP : 10.30.6.83
ESP : removed
SSL : exist
Login Time : Aug.12 17:12:34
Logout/Expiration : Sep.11 17:12:34
TTL : 2591960
Inactivity TTL : 10760
> show global-protect-gateway gateway
GlobalProtect Gateway: gp-gateway (1 users)
Tunnel Type : remote user tunnel
Tunnel Name : gp-gateway-N
Tunnel ID : 2
Tunnel Interface : tunnel.26
Encap Interface : ethernet1/3
Inheritance From :
Local Address : 10.30.6.26
SSL Server Port : 443
IPSec Encap : no
HTTP Redirect : no
UDP Port : 4501
Max Users : 0
IP Pool Ranges : 172.16.148.1 - 172.16.148.254;
IP Pool index : 0
Next IP : 172.16.148.2
DNS Servers : 4.2.2.2
: 0.0.0.0
Access Routes : 0.0.0.0/0;
VSYS : vsys1 (id 1)
SSL Server Cert : iamportal
Auth Profile : local
Client Cert Profile :
Lifetime : 2592000 seconds
Idle Timeout : 10800 seconds