Useful GlobalProtect gateway CLI commands

Useful GlobalProtect gateway CLI commands

111195
Created On 09/25/18 20:34 PM - Last Modified 04/20/20 21:48 PM


Symptom

This document is intended to provide a list of GlobalProtect CLI commands on gateway to display sessions, users and statistics.



Environment
  • PAN-OS 8.1, 9.0
  • Palo Alto Firewall.
  • GlobalProtect Configured.


Resolution

Below is a list of commands for> show global-protect-gateway” that are currently available: (Each give specific information that will be valuable depending on what is being examined)

CommandDescription
current-satelliteShow current GlobalProtect gateway satellites
current-userShow current GlobalProtect gateway users
flowShow dataplane GlobalProtect gateway tunnel information
flow-site-to-siteShow dataplane GlobalProtect site-to-site gateway tunnel information
gatewayShow list of GlobalProtect gateway configuration
previous-satelliteShow previous GlobalProtect gateway satellites
previous-userShow previous user session for GlobalProtect gateway users
statisticsShow statistics of current GlobalProtect gateway users

 

Examples

Some of the commands are listed below with the expected outputs.

> show global-protect-gateway flow

total tunnels configured:                                     1
filter - type GlobalProtect-Gateway, state any
total GlobalProtect-Gateway tunnel shown:                     1

id    name                  local-i/f         local-ip        tunnel-i/f
-----------------------------------------------------------------------------------------------
2     gp-gateway-N          ethernet1/3       10.30.6.26      tunnel.26
 
> show global-protect-gateway current-user
GlobalProtect Gateway: gp-gateway (1 users)

Tunnel Name          : gp-gateway-N
        Domain-User Name          : :test
        Computer                  : HOST17-WIN7-64
        Client                    : Microsoft Windows 7 Enterprise Edition Service Pack 1, 64-bit
        Private IP                : 172.16.148.1
        Public IP                 : 10.30.6.83
        ESP                       : removed
        SSL                       : exist
        Login Time                : Aug.12 17:12:34
        Logout/Expiration         : Sep.11 17:12:34
        TTL                       : 2591960
        Inactivity TTL            : 10760
 
> show global-protect-gateway gateway

GlobalProtect Gateway: gp-gateway (1 users)
Tunnel Type          : remote user tunnel
Tunnel Name          : gp-gateway-N
        Tunnel ID                 : 2
        Tunnel Interface          : tunnel.26
        Encap Interface           : ethernet1/3
        Inheritance From          :
        Local Address             : 10.30.6.26
        SSL Server Port           : 443
        IPSec Encap               : no
        HTTP Redirect             : no
        UDP Port                  : 4501
        Max Users                 : 0
        IP Pool Ranges            : 172.16.148.1 - 172.16.148.254;
        IP Pool index             : 0
        Next IP                   : 172.16.148.2
        DNS Servers               : 4.2.2.2
                                  : 0.0.0.0

        Access Routes             : 0.0.0.0/0;
        VSYS                      : vsys1 (id 1)
        SSL Server Cert           : iamportal
        Auth Profile              : local
        Client Cert Profile       :
        Lifetime                  : 2592000 seconds
        Idle Timeout              : 10800 seconds
 

 

 

 



Additional Information
The CLI quickstart guide provides other available CLI commands.

Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhQCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language