This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

how to check list of users of particular group who are connecting Global protect.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

how to check list of users of particular group who are connecting Global protect.

Deepak_K
L3 Networker

‎01-13-2021 03:55 AM

We want list of users of particular group who are connecting Global protect.

Reason behind this requirement is to get number of users from particular group who are connecting GP. So accordingly we can purchase the licence for 2FA from third party vendor.

We have added multiple groups for GP authentication , if 100 users in HOD group and from them only 50 users connecting GP.
We want list of those 50 users.

0 Likes Likes
5 REPLIES 5

Mick_Ball
L7 Applicator

‎01-13-2021 04:30 AM

I have not seen any direct link to display this but you could add a portal agent config for each group.  just clone the default config (if you have one ) and add each group to the config selection criteria.

 

So your portal would have an agent config named "HOD" and the user/user group under selection criteria would  also be "HOD".

you will then be able to run a custom report on GlobalProtect and use the filter builder  "Description Contains HOD"

 

Or...  If you are forwarding to syslog then you could import all group members into a file and using a "while do" loop grep the logs.

 

(1)

reaper
Cyber Elite
Cyber Elite
In response to Mick_Ball

‎01-13-2021 05:06 AM

in the logs there's no direct correlation between the username and group membership, the group is used more like an access list to be allowed to authenticate

so if you add the HOD group to their own gateway (create a new gateway and only allow that group to use that gateway) you will be able to quickly generate a report or manually inspect the GlobalProtect logs for anyone using that gateway

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes

Abdul-Fattah
L4 Transporter

‎01-13-2021 06:12 AM - edited ‎01-13-2021 06:12 AM

you can check the list of users who are connecting or previously were connected to GP from: Network > Globalprotect > Gateway> Remote user > previuos user, you can search for the group you want or you can export the list and do the search and processing that meet your requirements.

 

0 Likes Likes

Mick_Ball
L7 Applicator
In response to Abdul-Fattah

‎01-13-2021 06:40 AM

@Abdul-Fattah 

I cannot see the group listed in previous users, what version??

I only get these columns..

 

MickBall_0-1610548816606.jpeg

 

0 Likes Likes

Abdul-Fattah
L4 Transporter
In response to Mick_Ball

‎01-14-2021 02:22 AM - edited ‎01-14-2021 03:06 AM

@Mick_Ball 

<p>&nbsp;Primary Username field you should be able to seen the Domain and above in the search field you can enter the domain to filter only the wanted users</p>

0 Likes Likes
  • 3101 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks