Various stages of GlobalProtect that are seen on logs

Created On 04/16/21 17:40 PM - Last Modified 01/19/23 04:37 AM


Question


What are the various stages of GlobalProtect that are seen in the GUI under Monitor > Logs > GlobalProtect?

Environment


  • Palo Alto Firewall.
  • PAN-OS 9.1 and above
  • GlobalProtect Portal or Gateway Configured.
  • GlobalProtect (GP) logs.


Answer


  1. before-login: This is the stage where the Portal pre-login happens, during which client-side reachability (PORT=443, URL=/global-protect/prelogin.esp), the client certificate, etc. are checked.
  2. login: This is the stage where portal authentication happens against the user credentials, depending on the authentication profile set.
  3. configuration: This is the stage where the Portal Configuration Digest is pulled from either the cached config or from the actual portal. It also matches the user to any existing cookies, if any are present. It then checks for the available gateways.
  4. before-login: Here it does the Gateway pre-login. It checks gateway (GW) connectivity, verifies the server certificate, and then completes the network discovery.
  5. login: In this stage, it does the Gateway login and checks the user cookies, if any are available. It also gets the IPv4 or IPv6 address for the Gateway and user.
  6. tunnel: This is the stage where the IPSec/SSL tunnel is established for the GP traffic. The GW configuration is obtained and the tunnel is created accordingly.
  7. connected: This is the stage where the Gateway is connected.
  8. host-info: Checks the host information through the HIP checks.
  9. logout: This is the stage when the user logs out.
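
Because before-login and login each appear twice in the list above (portal first, then gateway), the stage value alone does not say which component logged it. The following is an added example, not Palo Alto Networks code: it resolves each stage by its position in the sequence and reports where a connection attempt failed. The (stage, status) record shape, the status values "success"/"failure" and the sample records are assumptions constructed for illustration.

```python
# Stage order taken from the numbered list above; the labels are descriptive only.
SEQUENCE = [
    ("before-login", "portal pre-login"),
    ("login", "portal login"),
    ("configuration", "portal configuration"),
    ("before-login", "gateway pre-login"),
    ("login", "gateway login"),
    ("tunnel", "tunnel"),
    ("connected", "connected"),
    ("host-info", "host-info (HIP)"),
    ("logout", "logout"),
]


def trace(records):
    """Resolve stage names to phases for one user's time-ordered records.

    records: iterable of (stage, status) pairs (assumed shape).
    Returns (labels, failed_at): the phase of each record, and the phase of
    the first record whose status is not "success" (None if all succeeded).
    """
    labels, failed_at, pos = [], None, 0
    for stage, status in records:
        # Search forward only: a repeated name means the later phase.
        idx = next((i for i in range(pos, len(SEQUENCE))
                    if SEQUENCE[i][0] == stage), None)
        if idx is None:
            label = f"{stage} (out of sequence)"
        else:
            label = SEQUENCE[idx][1]
            # A failed stage may be retried, so advance only on success.
            # After logout the position wraps to start a new session.
            if status == "success":
                pos = (idx + 1) % len(SEQUENCE)
        labels.append(label)
        if failed_at is None and status != "success":
            failed_at = label
    return labels, failed_at


# Constructed sample: the portal stages succeed, the gateway login fails.
SAMPLE = [("before-login", "success"), ("login", "success"),
          ("configuration", "success"), ("before-login", "success"),
          ("login", "failure")]

if __name__ == "__main__":
    labels, failed_at = trace(SAMPLE)
    print(labels)
    print("first failure:", failed_at)
```

The forward search assumes every session logs the portal stages first; if the log for a user starts mid-session, the labels for before-login and login need to be checked by hand.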

