Monitoring GlobalProtect Using PAN-OS
This chapter provides information about the GlobalProtect logs provided by
PAN-OS
| Where Can I Use This? | What Do I Need? |
|---|
- NGFW (managed by Panorama)
|
- GlobalProtect Subscription License
|
GlobalProtect logs in PAN-OS offer a detailed, real-time view of your remote access
environment's security and operational status. By logging every stage of the
GlobalProtect connection lifecycle, these logs provide the necessary visibility to
troubleshoot operational issues, audit user activity, and verify security policy
enforcement. This chapter explains how to access and interpret GlobalProtect logs
directly through the PAN-OS web interface.
You can use the GlobalProtect logs for:
- Troubleshooting: Identify and resolve user connection or
performance issues.
- User Auditing: Track user activity for security reviews
and compliance verification.
- Policy Enforcement: Confirm that security policies are
being correctly applied to remote traffic.
These features are available for any Palo Alto Networks next-generation firewall deployed
as a GlobalProtect gateway or portal.
Monitoring Quick Reference
Use the following table to match common monitoring goals to the
correct log type and filter in PAN-OS.
| Goal | Log Type | Filter or Zone |
|---|
| View established VPN sessions | | Source zone: GP |
| Find a client's public IP before tunnel
establishment | | ( eventid eq portal-prelogin ) |
| Correlate a client's public IP to a portal
or gateway connection | | Destination: portal or gateway IP address |
