Global protect

Reply
Highlighted
L0 Member

Global protect

Hi team,

How can i extract a detailed report on the list of all Global protect users (VPN users). this report aims to get the date each user was created. this is for audit reasons and i would appreciate if any one has a solution. 

thanks

Tags (1)
Highlighted
L2 Linker

Re: Global protect

There are multiple ways to get this.

 

If you are just doing it one time, you can look at the system logs and use the following search filter

(eventid eq globalprotectportal-config-succ).  This could take a really long time depending on how long you keep logs for some might want to also add a date filter like (receive_time in last-30-days).

 

Also you can use the API using the following

https://"Firewall URL"/api/?type=op&cmd=<show><global-protect-gateway><previous-user/>
</global-protect-gateway>
 
 
 
 
Highlighted
L7 Applicator

Re: Global protect

are you using local users or are you going through an authentication protocol (kerberos, ldap, ...) ?

 

locally created users will show up in the configuration log and is not part of the reporting capabilities (as these are traffic oriented) 

 

if you export system logs a SIEM might be able to craft a nice report

reaper - PANgurus.com
I drink and I know things
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!