Is there a way to check the agent "Config name" that is retrieved for specific remote user on GlobalProtect?
Created On 01/24/22 21:15 PM - Last Modified 09/16/24 21:02 PM
Question
Is there a way to check the agent "Config name" that is retrieved for specific remote user on GlobalProtect?
Environment
- Palo Alto Firewalls
- GlobalProtect (GP) Portal/Gateway
- GlobalProtect App
Answer
- Yes, we can get the agent "Config name" for a specific remote user who is connected to GP in two ways:
  - GP monitor logs show the portal agent "Config name" in the "Description" field of the "portal-getconfig" event, as shown below in the GUI:
  - Searching the PanGPA.log for the string "<agent-config name=" shows which config was retrieved from the portal for that user, as shown below:
<agent-config name="agent-config">
<save-user-credentials>2</save-user-credentials>
<portal-2fa>no</portal-2fa>
<internal-gateway-2fa>no</internal-gateway-2fa>
<auto-discovery-external-gateway-2fa>no</auto-discovery-external-gateway-2fa>
<manual-only-gateway-2fa>no</manual-only-gateway-2fa>
<disconnect-reasons/>
<uninstall>allowed</uninstall>
<client-upgrade>prompt</client-upgrade>
<enable-signout>yes</enable-signout>
<use-sso-pin>no</use-sso-pin>
<use-sso-macos>no</use-sso-macos>
<logout-remove-sso>yes</logout-remove-sso>
<krb-auth-fail-fallback>yes</krb-auth-fail-fallback>
<default-browser>no</default-browser>
<retry-tunnel>30</retry-tunnel>
<retry-timeout>5</retry-timeout>
<traffic-enforcement>no</traffic-enforcement>
<enforce-globalprotect>no</enforce-globalprotect>
<captive-portal-exception-timeout>0</captive-portal-exception-timeout>
.
.
.
</agent-config>
- For users who are not able to connect to the portal, the same search as above in the PanGPA log can help find the portal agent config that was used.
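
The PanGPA.log search described above can be scripted when many client logs have to be reviewed. The following is an added example, not Palo Alto Networks code: it lists every "<agent-config name=" occurrence with the settings that follow it and flags blocks that were cut off before "</agent-config>". The log-line prefix layout, the config name "contractors" and the function names are assumptions made for the sample.

```python
import re

# Constructed sample. The thread/timestamp prefix is an assumed layout, and the
# "contractors" config name is invented; the XML elements are those in the article.
SAMPLE_LOG = """\
(T4512)Debug( 120): 01/24/22 21:10:02:101 portal response follows
<agent-config name="agent-config">
<save-user-credentials>2</save-user-credentials>
<portal-2fa>no</portal-2fa>
<enforce-globalprotect>no</enforce-globalprotect>
</agent-config>
(T4512)Debug( 133): 01/24/22 21:10:02:340 unrelated line
(T4512)Debug( 120): 01/24/22 21:15:47:885 portal response follows
<agent-config name="contractors">
<save-user-credentials>0</save-user-credentials>
<enforce-globalprotect>yes</enforce-globalprotect>
"""

OPEN_RE = re.compile(r'<agent-config name="([^"]*)"')
# Simple <tag>value</tag> elements; empty elements such as <disconnect-reasons/> are skipped.
ELEM_RE = re.compile(r"<([A-Za-z0-9-]+)>([^<]*)</\1>")


def find_agent_configs(log_text):
    """Return one dict per <agent-config name=...> occurrence, in log order."""
    opens = list(OPEN_RE.finditer(log_text))
    configs = []
    for i, match in enumerate(opens):
        # A block ends at its closing tag, or at the next opening tag / end of
        # file when the log was rotated or truncated mid-block.
        limit = opens[i + 1].start() if i + 1 < len(opens) else len(log_text)
        close = log_text.find("</agent-config>", match.end(), limit)
        body = log_text[match.end():close if close != -1 else limit]
        configs.append({
            "name": match.group(1),
            "complete": close != -1,
            "settings": dict(ELEM_RE.findall(body)),
        })
    return configs


def latest_config_name(log_text):
    """Name of the last config seen (assumes the log is appended in time order)."""
    configs = find_agent_configs(log_text)
    return configs[-1]["name"] if configs else None


if __name__ == "__main__":
    for cfg in find_agent_configs(SAMPLE_LOG):
        state = "complete" if cfg["complete"] else "truncated"
        print(cfg["name"], state, cfg["settings"])
```

To run it against a real log, read the PanGPA.log file into a string and pass it to find_agent_configs.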