Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
How to List Current or Previously Connected GlobalProtect Users - Knowledge Base - Palo Alto Networks

How to List Current or Previously Connected GlobalProtect Users

277954
Created On 09/26/18 13:47 PM - Last Modified 04/20/20 23:38 PM


Symptom


The following steps describe how to view a list of the GlobalProtect users that are currently or previously connected to the GlobalProtect gateway.



Environment


  • Global Protect
  • Pan-OS


Resolution


 

On the WebGUI:

  1. Go to Network > GlobalProtect > Gateways > Click on "Remote Users":
    Remote Users
  2. Under User Information - GlobalProtect Gateway (Current User), a list of the users currently connected will be displayed:
    User Information
  3. Previous Users can be viewed by selecting the Previous User tab:
    Previous User

 

On the CLI:

Use the following command:

> show global-protect-gateway current-user

CLI Current User

Either ESP or SSL will show as "exist". If ESP is "exist", GlobalProtect connected using IPSec. If SSL is "exist", GlobalProtect connected using SSL.

 

You can also list previous connected users with the following command:

> show global-protect-gateway previous-user

CLI Previous User

 

The output of either command can be shortened to only include the usernames by piping the output to "match" as shown below:

> show global-protect-gateway current-user | match "User Name"

> show global-protect-gateway previous-user | match "User Name"

CLI Current User Match

 

If there are multiple configured Gateways on the same firewall, specify which gateway and see its connected or previous users with command:

> show global-protect-gateway current-user gateway "<Gateway_Name>"

> show global-protect-gateway previous-user gateway "<Gateway_Name>"

CLI User Gateway

ON API:

You can also generate the current users /previous users by using the API :
  1.  Generate the API key required for authenticating API calls:
         
To generate an API key, make a URL request to the firewall’s hostname or IP addresses using the administrative credentials


'https://firewall/api/?type=keygen&user=username&password=password'

       User-added image

       2. Make a CURL call to get the current users with the key from the first step:
         

https://<firewall>/api/?type=op&cmd=<show><global-protect-gateway><current-user></current-user></global-protect-gateway></show>&key=

      Output gives you the current users :

      User-added image
       
 


Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClorCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language