03-12-2024 08:51 AM
I am trying to remove remote users from Global Protect using XML API. I have attempted to remove a user from both the Gateway and the Portal but I have not been successful.
This is the command I am using to remove the user from the Gateway:
(Sections in bold are the changes I made to the XML API)
https://Firewall_Name/api/?type=op&cmd=<request><plugins><cloud_services><prisma-access><logout_mobile_user><gateway><user>User_Name</user></gateway></logout_mobile_user></prisma-access></cloud_services></plugins></request>&key=xxxxAPIKeyxxxx
This is the result I get from entering the above:
This is the command I am using to remove the user from the Portal:
(Sections in bold are the changes I made to the XML API)
https://Firewall_Name/api/?type=op&cmd=<request><plugins><cloud_services><prisma-access><logout_mobile_user><portal><user>User_Name</user></portal></logout_mobile_user></prisma-access></cloud_services></plugins></request> &key=xxxxAPIKeyxxxx
This is the result I get from entering the above:
When I use XML API to give me a count of connected users or to give me system info these XML API calls work and return the desired information.
Do I need to change/add something else to the Gateway and Portal calls above?
Thanks for the help!
03-14-2024 09:13 PM
Hello @John_J ,
I totally missed that you were using Prisma Access in your January post. I'm sorry. You may be able to do it from Panorama. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClamCAC At least the GUI supports it.
Here is a VERY COOL trick. If you know how to do it from the CLI, enable "debug cli on" and the NGFW will show you the XML syntax! https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-panorama-api/get-started-with-the-pan-os-xml-ap...
This is the op cmd that worked for me on a regular NGFW.
<request><global-protect-gateway><client-logout><gateway>Gateway-Name-N</gateway><domain>Domain</domain><user>Username</user><reason>force-logout</reason><computer>Computer-Name</computer></client-logout></global-protect-gateway></request>
It's not like Prisma Access, but I HAD to put in the gateway-N name, domain, and user name.
I have a couple suggestions:
I hope this helped.
Tom
04-02-2024 07:48 AM
Thanks for the great info and the help @TomYoung!
I opened a ticket with support and they had me do the following which works for Prisma Access. I had to add the computer name in base64 and the domain. Once I added these to the XML API along with the username in base64 this worked to disconnect the client from the VPN.
'https://x.x.x.x/api/?type=op&cmd=<request><plugins><cloud_services><gpcs><logout_mobile_user><gateway><computer>computernameinbase64</computer><domain>domain.com</domain><user>usernameinbase64</user> </gateway></logout_mobile_user></gpcs></cloud_services></plugins></request>&key=<your_key>'
Only problem I am having now is the client automatically reconnects without having to reauth due to the Global Protect auth cookie. Next step is to find a way to remove the GP cookie before killing the VPN.
Thanks again!
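The working Prisma Access call from the reply above, built programmatically (an added example, not code from the thread or from Palo Alto Networks). It assumes the base64 values are encoded from UTF-8 text, and it sends the command as a POST body with the key in the `X-PAN-KEY` header instead of the URL, so the key does not end up in proxy logs or browser history; the sample user, computer and domain are constructed.

```python
import base64
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

PATH = ("plugins", "cloud_services", "gpcs", "logout_mobile_user", "gateway")


def b64(value: str) -> str:
    # The thread only says "in base64"; UTF-8 input is an assumption.
    return base64.b64encode(value.encode("utf-8")).decode("ascii")


def build_logout_cmd(user: str, computer: str, domain: str) -> str:
    # ElementTree escapes &, < and > in values, so odd names cannot break the XML.
    root = node = ET.Element("request")
    for tag in PATH:
        node = ET.SubElement(node, tag)
    ET.SubElement(node, "computer").text = b64(computer)
    ET.SubElement(node, "domain").text = domain
    ET.SubElement(node, "user").text = b64(user)
    return ET.tostring(root, encoding="unicode")


def build_request(host, api_key, user, computer, domain):
    # urlencode percent-encodes the XML; the key goes in a header, not the URL.
    body = urllib.parse.urlencode(
        {"type": "op", "cmd": build_logout_cmd(user, computer, domain)}
    ).encode("ascii")
    headers = {"X-PAN-KEY": api_key,
               "Content-Type": "application/x-www-form-urlencoded"}
    return f"https://{host}/api/", body, headers


def response_status(xml_text: str) -> str:
    # PAN-OS wraps replies in <response status="success|error">.
    return ET.fromstring(xml_text).get("status", "unknown")


def logout_user(host, api_key, user, computer, domain) -> str:
    url, body, headers = build_request(host, api_key, user, computer, domain)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=15) as resp:
        return response_status(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Constructed sample values; replace before use.
    print(build_logout_cmd("jdoe", "LAPTOP-01", "domain.com"))
```
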