: Enhanced Logging for the Selected GlobalProtect Gateway
Focus
Focus

Enhanced Logging for the Selected GlobalProtect Gateway

Table of Contents
End-of-Life (EoL)

Enhanced Logging for the Selected GlobalProtect Gateway

Identify issues to determine the reason for choosing the specific gateway.
To help you to identify details as to why the GlobalProtect app chose to connect to a specific gateway, the GlobalProtect app now collects and reports information to identify gateway selection criteria and latency between the gateway and the endpoint. By enabling the Log Gateway Selection Criteria option as a dynamic app configuration, the GlobalProtect app can now send the enhanced logs for the gateway selection criteria to the firewall. Information about the gateway selection criteria can help you to identify the priority and response time of the selected gateway, the list of gateway connection attempts, and statistics about the pre-tunnel and post-tunnel network latency. The enhanced log fields for the gateway selection criteria have been added to the GlobalProtect logs in MonitorLogsGlobalProtect.
  1. Enable the GlobalProtect app to send gateway selection criteria logs to the firewall.
    1. Launch the Web Interface.
    2. Select NetworkGlobalProtectPortals<portal-config>Agent <agent-config>AppLog Gateway Selection Criteria.
    3. Select Yes to enable the GlobalProtect app to send the gateway selection criteria logs to the firewall.
    4. Click OK twice.
    5. Commit the configuration.
  2. To view the gateway information, filter for eventid eq gateway-auth in the GlobalProtect logs (MonitorLogsGlobalProtect).