Event Descriptions for the GlobalProtect Logs in PAN-OS
Event descriptions for the GlobalProtect portal, gateway,
and Clientless VPN logs in PAN-OS.
Use the following descriptions to help you to identify
GlobalProtect portal, gateway, or Clientless VPN events when viewing
GlobalProtect logs in PAN-OS at :
Monitor
Logs
GlobalProtect
Portal Event Details
The following table describes log events
related to the GlobalProtect portal.
Event | Description |
---|---|
portal-auth | Indicates a GlobalProtect portal authentication
stage. See Status for results. |
portal-gen-cookie | Indicates a GlobalProtect portal authentication
override cookie generation event. See Status for results. |
portal-getconfig | Indicates a GlobalProtect portal event for generating
GlobalProtect client configuration, such as dynamic app configuration
or gateway list. |
portal-prelogin | Indicates a GlobalProtect portal pre-login event.
As a part of the event, the GlobalProtect client does the following:
|
Gateway Event Details
The following table describes log events
related to the GlobalProtect gateway.
Event | Description |
---|---|
gateway-agent-msg | Indicates a GlobalProtect gateway event
for a message received from the GlobalProtect client, such as GlobalProtect
client disable reason message. |
gateway-auth | Indicates GlobalProtect gateway authentication
stage. See Status for results. |
gateway-config-release | Indicates a GlobalProtect gateway event
for configuration release, such as remove ip-user mapping or remove
tunnel. |
gateway-connected | Indicates a GlobalProtect gateway event
for a GlobalProtect client successful connection for tunnel or non-tunnel
mode. |
gateway-framed-ip | Indicates a GlobalProtect gateway event where
the gateway retrieved a framed IPv4 address from RADIUS for a GlobalProtect client. |
gateway-getconfig | Indicates a GlobalProtect gateway event
for generating GlobalProtect client configuration, such as split-tunnel,
virtual IP, or tunnel information. |
gateway-hip-check | Indicates a GlobalProtect gateway event
to confirm whether a GlobalProtect HIP report was updated or not,
and to refresh ip-user mapping. Refer to the description for latency
reported information. Examples include items such as HIP report
is not needed or HIP report is needed. |
gateway-hip-report | Indicates a GlobalProtect gateway event
to confirm whether a HIP report was received from a GlobalProtect
client, to update ip-user mapping, and to enforce HIP policy. |
gateway-inheritance | Indicates a GlobalProtect gateway event where
a GlobalProtect gateway is using a dynamic IP address and the IP
address changed. |
gateway-logout | Indicates a GlobalProtect gateway event
for a GlobalProtect client logout. |
gateway-prelogin | Indicates a GlobalProtect gateway event. As
a part of the event, the GlobalProtect client does the following:
|
gateway-register | Indicates GlobalProtect client user information,
such as username, domain-name, computer name, hostid, serial number,
public ip, or login time is added on the gateway. |
gateway-setup-ipsec | Indicates a GlobalProtect gateway event
for setting up an IPSec VPN tunnel. |
gateway-setup-ssl | Indicates a GlobalProtect gateway event
for setting up a SSL VPN tunnel. |
gateway-switch-to-ssl | Indicates a GlobalProtect gateway tunnel switch
from IPSec to SSL considering IPSec tunnel was not successful. |
gateway-tunnel-latency | Indicates GlobalProtect gateway latency provided
by a GlobalProtect client. Refer to description for latency reported
information, such as Pre-tunnel latency: 10ms or Post-tunnel latency:
1ms |
quarantine-add | Indicates a GlobalProtect gateway event
for a GlobalProtect client, confirming that the client is added
to the quarantine list. |
quarantine-delete | Indicates a GlobalProtect gateway event
for a GlobalProtect client, confirming that the client is removed
from the quarantine list. |
Clientless VPN Event Details
The following table describes log events
related to the GlobalProtect Clientless VPN.
Event | Description |
---|---|
clientlessvpn-login | Indicates a GlobalProtect portal event for GlobalProtect
Clientless VPN login. |
clientlessvpn-logout | Indicates a GlobalProtect portal event for GlobalProtect
Clientless VPN logout. |
clientlessvpn-prelogin | Indicates a GlobalProtect portal event for GlobalProtect
Clientless VPN. As a part of the event, the following takes place:
|
Recommended For You
Recommended Videos
Recommended videos not found.