Palo Alto Networks Knowledgebase: Useful GlobalProtect CLI Commands

Useful GlobalProtect CLI Commands

18772
Created On 02/08/19 00:03 AM - Last Updated 02/08/19 00:04 AM
VPNs
Resolution

Overview

This document is intended to provide a list of GlobalProtect CLI commands to help in troubleshooting sessions, users and statistics.

 

Details

Below is a list of commands for “> show global-protect-gateway” that are currently available: (Each give specific information that will be valuable depending on what is being examined)

CommandDescription
current-satelliteShow current GlobalProtect gateway satellites
current-userShow current GlobalProtect gateway users
flowShow dataplane GlobalProtect gateway tunnel information
flow-site-to-siteShow dataplane GlobalProtect site-to-site gateway tunnel information
gatewayShow list of GlobalProtect gateway configuration
previous-satelliteShow previous GlobalProtect gateway satellites
previous-userShow previous user session for GlobalProtect gateway users
statisticsShow statistics of current GlobalProtect gateway users

 

Examples

Below are some of the commands above and the output that can be expected:

> show global-protect-gateway flow

total tunnels configured:                                     1

filter - type GlobalProtect-Gateway, state any

 

total GlobalProtect-Gateway tunnel shown:                     1

 

id    name                  local-i/f         local-ip        tunnel-i/f

-----------------------------------------------------------------------------------------------

2     gp-gateway-N          ethernet1/3       10.30.6.26      tunnel.26

 

 

> show global-protect-gateway current-user

GlobalProtect Gateway: gp-gateway (1 users)

Tunnel Name          : gp-gateway-N

        Domain-User Name          : :test

        Computer                  : HOST17-WIN7-64

        Client                    : Microsoft Windows 7 Enterprise Edition Service Pack 1, 64-bit

        Private IP                : 172.16.148.1

        Public IP                 : 10.30.6.83

        ESP                       : removed

        SSL                       : exist

        Login Time                : Aug.12 17:12:34

        Logout/Expiration         : Sep.11 17:12:34

        TTL                       : 2591960

        Inactivity TTL            : 10760

 

 

> show global-protect-gateway gateway

GlobalProtect Gateway: gp-gateway (1 users)

Tunnel Type          : remote user tunnel

Tunnel Name          : gp-gateway-N

        Tunnel ID                 : 2

        Tunnel Interface          : tunnel.26

        Encap Interface           : ethernet1/3

        Inheritance From          :

        Local Address             : 10.30.6.26

        SSL Server Port           : 443

        IPSec Encap               : no

        HTTP Redirect             : no

        UDP Port                  : 4501

        Max Users                 : 0

        IP Pool Ranges            : 172.16.148.1 - 172.16.148.254;

        IP Pool index             : 0

        Next IP                   : 172.16.148.2

        DNS Servers               : 4.2.2.2

                                  : 0.0.0.0

        Access Routes             : 0.0.0.0/0;

        VSYS                      : vsys1 (id 1)

        SSL Server Cert           : iamportal

        Auth Profile              : local

        Client Cert Profile       :

        Lifetime                  : 2592000 seconds

        Idle Timeout              : 10800 seconds

 

 

owner: panagent



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhQCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language