Show and Manage GlobalProtect Users (API)
PAN-OS 11.1 & Later
One common use of the PAN-OS XML API is to manage GlobalProtect users. You can use two API requests to view and then disconnect a GlobalProtect user who has been logged in for too long.
- View all GlobalProtect users.

  Make a request to view all GlobalProtect users:

      curl -X POST 'https://<firewall>/api?type=op&cmd=<show><global-protect-gateway><current-user/></global-protect-gateway></show>'

  The response contains a list of users along with related information including IP addresses, logins, and client information:

      <response status="success">
        <result>
          <entry>
            <domain/>
            <islocal>yes</islocal>
            <username>dward</username>
            <computer>Dan’s iPhone</computer>
            <client>Apple iOS 8.1.2</client>
            <vpn-type>Device Level VPN</vpn-type>
            <virtual-ip>192.168.2.1</virtual-ip>
            <public-ip>166.173.63.240</public-ip>
            <tunnel-type>SSL</tunnel-type>
            <login-time>Jan.22 01:50:36</login-time>
            <login-time-utc>1421916636</login-time-utc>
            <lifetime>2592000</lifetime>
          </entry>
        </result>
      </response>

  The <login-time-utc> field is the login date/time in UNIX time format (number of seconds elapsed since 00:00:00 1 Jan 1970). To find the users to disconnect, filter the output on this field and compare the <login-time-utc> value to the current date and time (or another date and time).
- Disconnect a GlobalProtect user.

  Upon identifying the user that you want to disconnect, send a request that includes the GlobalProtect gateway, username, computer, and a force-logout reason:

      curl -X POST 'https://<firewall>/api?type=op&cmd=<request><global-protect-gateway><client-logout><gateway>Home-N</gateway><user>dward</user><reason>force-logout</reason><computer>Dan’s%20iPhone</computer></client-logout></global-protect-gateway></request>'

  A successful response shows that the user has been disconnected:

      <response status="success">
        <result>
          <response status="success">
            <gateway>Home-N</gateway>
            <domain>(null)</domain>
            <user>dward</user>
            <computer>Dan’s iPhone</computer>
          </response>
        </result>
      </response>
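The two steps above combined into a script, added here as an example and not taken from the PAN-OS documentation: it parses a current-user response, selects sessions older than a threshold using <login-time-utc>, and builds the client-logout command for each. The function names, the 8-hour threshold, the second sample entry and the "current time" are assumptions; the script makes no network calls.

```python
import urllib.parse
import xml.etree.ElementTree as ET

# Constructed sample modelled on the response shown above; the second entry is made up.
SAMPLE = """<response status="success"><result>
<entry><domain/><username>dward</username><computer>Dan's iPhone</computer>
<login-time-utc>1421916636</login-time-utc><lifetime>2592000</lifetime></entry>
<entry><domain/><username>asmith</username><computer>LAB&lt;01&gt;</computer>
<login-time-utc>1421999000</login-time-utc><lifetime>2592000</lifetime></entry>
</result></response>"""

def stale_sessions(xml_text, now, max_age):
    """Return sessions whose age (now - login-time-utc) exceeds max_age seconds."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError("API call failed: status=%r" % root.get("status"))
    stale = []
    for entry in root.iterfind("./result/entry"):
        login = entry.findtext("login-time-utc", "").strip()
        if not login.isdigit():
            continue  # no usable timestamp: skip rather than guess an age
        age = now - int(login)
        if age > max_age:
            stale.append({"user": entry.findtext("username", ""),
                          "computer": entry.findtext("computer", ""),
                          "age": age})
    return stale

def logout_cmd(gateway, session):
    """Build the client-logout command with the same element order as the page.
    ElementTree escapes the values, so a username or computer name containing
    < or & cannot change the command's structure."""
    req = ET.Element("request")
    logout = ET.SubElement(ET.SubElement(req, "global-protect-gateway"), "client-logout")
    for tag, value in (("gateway", gateway), ("user", session["user"]),
                       ("reason", "force-logout"), ("computer", session["computer"])):
        ET.SubElement(logout, tag).text = value
    return ET.tostring(req, encoding="unicode")

def logout_query(gateway, session):
    """Percent-encoded type=op&cmd=... parameters for the logout request."""
    params = {"type": "op", "cmd": logout_cmd(gateway, session)}
    return urllib.parse.urlencode(params, quote_via=urllib.parse.quote)

if __name__ == "__main__":
    now = 1422003036  # constructed "current time": 24 hours after dward's login
    for s in stale_sessions(SAMPLE, now, max_age=8 * 3600):
        print(s["user"], s["age"], logout_query("Home-N", s))
```
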