>
    Strata Copilot
    Identify a Client's Public IP Address Before Tunnel Establishment in PAN-OS
    Focus
    Download PDF
    Focus
    1. Home
    2. GlobalProtect
    3. GlobalProtect Administrator's Guide
    4. GlobalProtect Monitoring and Troubleshooting
    5. Monitoring GlobalProtect Using PAN-OS
    6. Identify a Client's Public IP Address Before Tunnel Establishment in PAN-OS
    Download PDF
    GlobalProtect

    Identify a Client's Public IP Address Before Tunnel Establishment in PAN-OS

    Table of Contents

    Identify a Client's Public IP Address Before Tunnel Establishment in PAN-OS

    In PAN-OS, find a GlobalProtect client's public IP address before the VPN tunnel is established by filtering traffic logs and system logs.
    Where Can I Use This?What Do I Need?
    • NGFW (managed by Panorama)
    • GlobalProtect Subscription License
    Before a VPN tunnel is established, a GlobalProtect® client connects to the portal or gateway using its public IP address. The GP source zone in traffic logs only captures post-tunnel connections using the client's assigned private (tunnel) IP — it does not reflect the client's public IP or pre-tunnel activity. To correlate a client's public IP address with its geographic source region before login, filter traffic logs using the portal or gateway IP as the destination, or use the portal-prelogin event ID in system logs.
    1. To find the client's public IP in traffic logs, select MonitorLogsTraffic and filter by the portal or gateway IP address as the destination.
      For example, if your portal IP is portal_or_gateway_ip, apply the filter:
      ( addr.dst in portal_or_gateway_ip )
      The results show the client's public source IP address before the tunnel was established.
    2. To find the client's public IP in system logs, select MonitorLogsSystem and apply the following filter:
      ( eventid eq portal-prelogin )
      The results include the client's public IP address and can be used to verify source region visibility before the tunnel is established.

    © 2026 Palo Alto Networks, Inc. All rights reserved.