GlobalProtect
Event Descriptions for the GlobalProtect Logs in PAN-OS
Event descriptions for the GlobalProtect portal, gateway, and Clientless VPN logs in PAN-OS.
Use the following descriptions to help you identify GlobalProtect portal, gateway, or Clientless VPN events when viewing GlobalProtect logs in PAN-OS at Monitor > Logs > GlobalProtect:
- Portal Event Details
- Gateway Event Details
- Clientless VPN Event Details
Portal Event Details
The following table describes log events related to the GlobalProtect portal.
Event | Description |
---|---|
portal-auth | Indicates a GlobalProtect portal authentication stage. See Status for results. |
portal-gen-cookie | Indicates a GlobalProtect portal authentication override cookie generation event. See Status for results. |
portal-getconfig | Indicates a GlobalProtect portal event for generating GlobalProtect client configuration, such as dynamic app configuration or gateway list. |
portal-prelogin | Indicates a GlobalProtect portal pre-login event. As a part of the event, the GlobalProtect client does the following: |
Gateway Event Details
The following table describes log events related to the GlobalProtect gateway.
Event | Description |
---|---|
gateway-agent-msg | Indicates a GlobalProtect gateway event for a message received from the GlobalProtect client, such as a GlobalProtect client disable reason message. |
gateway-auth | Indicates a GlobalProtect gateway authentication stage. See Status for results. |
gateway-config-release | Indicates a GlobalProtect gateway event for configuration release, such as remove ip-user mapping or remove tunnel. |
gateway-connected | Indicates a GlobalProtect gateway event for a successful GlobalProtect client connection in tunnel or non-tunnel mode. |
gateway-framed-ip | Indicates a GlobalProtect gateway event where the gateway retrieved a framed IPv4 address from RADIUS for a GlobalProtect client. |
gateway-getconfig | Indicates a GlobalProtect gateway event for generating GlobalProtect client configuration, such as split-tunnel, virtual IP, or tunnel information. |
gateway-hip-check | Indicates a GlobalProtect gateway event to confirm whether a GlobalProtect HIP report was updated or not, and to refresh ip-user mapping. Refer to the description for latency reported information. Examples include items such as HIP report is not needed or HIP report is needed. |
gateway-hip-report | Indicates a GlobalProtect gateway event to confirm whether a HIP report was received from a GlobalProtect client, to update ip-user mapping, and to enforce HIP policy. |
gateway-inheritance | Indicates a GlobalProtect gateway event where a GlobalProtect gateway is using a dynamic IP address and the IP address changed. |
gateway-logout | Indicates a GlobalProtect gateway event for a GlobalProtect client logout. |
gateway-prelogin | Indicates a GlobalProtect gateway event. As a part of the event, the GlobalProtect client does the following: |
gateway-register | Indicates that GlobalProtect client user information, such as username, domain-name, computer name, hostid, serial number, public ip, or login time, is added on the gateway. |
gateway-setup-ipsec | Indicates a GlobalProtect gateway event for setting up an IPSec VPN tunnel. |
gateway-setup-ssl | Indicates a GlobalProtect gateway event for setting up an SSL VPN tunnel. |
gateway-switch-to-ssl | Indicates a GlobalProtect gateway tunnel switch from IPSec to SSL because the IPSec tunnel was not successful. |
gateway-tunnel-latency | Indicates GlobalProtect gateway latency provided by a GlobalProtect client. Refer to the description for latency reported information, such as Pre-tunnel latency: 10ms or Post-tunnel latency: 1ms. |
quarantine-add | Indicates a GlobalProtect gateway event for a GlobalProtect client, confirming that the client is added to the quarantine list. |
quarantine-delete | Indicates a GlobalProtect gateway event for a GlobalProtect client, confirming that the client is removed from the quarantine list. |
Clientless VPN Event Details
The following table describes log events related to the GlobalProtect Clientless VPN.
Event | Description |
---|---|
clientlessvpn-login | Indicates a GlobalProtect portal event for GlobalProtect Clientless VPN login. |
clientlessvpn-logout | Indicates a GlobalProtect portal event for GlobalProtect Clientless VPN logout. |
clientlessvpn-prelogin | Indicates a GlobalProtect portal event for GlobalProtect Clientless VPN. As a part of the event, the following takes place: |