How to List Current or Previously Connected GlobalProtect Users

 

On the WebGUI:

1. Go to Network > GlobalProtect > Gateways > Click on "Remote Users":
   
2. Under User Information - GlobalProtect Gateway (Current User), a list of the users currently connected will be displayed:
   
3. Previous Users can be viewed by selecting the Previous User tab:
   

 

On the CLI:

Use the following command:

> show global-protect-gateway current-user

Either ESP or SSL will show as "exist". If ESP is "exist", GlobalProtect connected using IPSec. If SSL is "exist", GlobalProtect connected using SSL.

 

You can also list previous connected users with the following command:

> show global-protect-gateway previous-user

 

The output of either command can be shortened to only include the usernames by piping the output to "match" as shown below:

> show global-protect-gateway current-user | match "User Name"

> show global-protect-gateway previous-user | match "User Name"

 

If there are multiple configured Gateways on the same firewall, specify which gateway and see its connected or previous users with command:

> show global-protect-gateway current-user gateway "<Gateway_Name>"

> show global-protect-gateway previous-user gateway "<Gateway_Name>"

ON API:

You can also generate the current users /previous users by using the API :

1.  Generate the API key required for authenticating API calls:

         

To generate an API key, make a URL request to the firewall’s hostname or IP addresses using the administrative credentials


'https://firewall/api/?type=keygen&user=username&password=password'

       

       2. Make a CURL call to get the current users with the key from the first step:
         

https://<firewall>/api/?type=op&cmd=<show><global-protect-gateway><current-user></current-user></global-protect-gateway></show>&key=

      Output gives you the current users :