06-14-2024 10:55 AM
Is there an easy way to schedule GlobalProtect users to disconnect at a specific time of day? Not looking for idle session timeout.
06-15-2024 08:00 PM
Hi @BrandonBowman ,
I do not know of an easy way in the configuration. You could script an API request or CLI command to be pushed to logout all GlobalProtect users. The API call can be as easy as a Linux cron job running curl with the authentication cookie (please keep secret!).
/api/?type=op&cmd=<request><global-protect-gateway><client-logout-all></client-logout-all></global-protect-gateway></request>
CLI: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClamCAC
The question is, "Do you want to keep them out?" Then you would need something like a scheduled security policy rule to block access (does not work on existing sessions), or time limits for your users on your authentication server.
Thanks,
Tom
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
