Global protect

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global protect

L0 Member

Hi team,

How can i extract a detailed report on the list of all Global protect users (VPN users). this report aims to get the date each user was created. this is for audit reasons and i would appreciate if any one has a solution. 



L2 Linker

There are multiple ways to get this.


If you are just doing it one time, you can look at the system logs and use the following search filter

(eventid eq globalprotectportal-config-succ).  This could take a really long time depending on how long you keep logs for some might want to also add a date filter like (receive_time in last-30-days).


Also you can use the API using the following

https://"Firewall URL"/api/?type=op&cmd=<show><global-protect-gateway><previous-user/>

Cyber Elite
Cyber Elite

are you using local users or are you going through an authentication protocol (kerberos, ldap, ...) ?


locally created users will show up in the configuration log and is not part of the reporting capabilities (as these are traffic oriented) 


if you export system logs a SIEM might be able to craft a nice report

Tom Piens
PANgurus - (co)managed services and consultancy
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!