Difference between revisions of "GlobalProtect (Palo Alto)"
Jump to navigation
Jump to search
Tags: Mobile web edit, Mobile edit |
|||
Line 26: | Line 26: | ||
* <code>[[show global-protect-gateway current-user]]</code> | * <code>[[show global-protect-gateway current-user]]</code> | ||
* <code>show global-protect-gateway flow</code><ref>https://weberblog.net/cli-commands-for-troubleshooting-palo-alto-firewalls/</ref> | * <code>show global-protect-gateway flow</code><ref>https://weberblog.net/cli-commands-for-troubleshooting-palo-alto-firewalls/</ref> | ||
+ | ::current-satellite Show current GlobalProtect gateway satellites | ||
+ | :: current-user Show current GlobalProtect gateway users | ||
+ | :: flow Show dataplane GlobalProtect gateway tunnel information | ||
+ | :: flow-site-to-site Show dataplane GlobalProtect site-to-site gateway tunnel information | ||
+ | :: gateway Show list of GlobalProtect gateway configuration | ||
+ | :: previous-satellite Show previous GlobalProtect gateway satellites | ||
+ | :: previous-user Show previous user session for GlobalProtect gateway users | ||
+ | * <code>[[show global-protect-gateway statistics]] | ||
== Activities == | == Activities == |
Revision as of 12:26, 6 May 2020
Palo Alto GlobalProtect is an always-on SSL/IPsec VPN solution with MFA authentication included on PAN-OS firewall devices.
- GlobalProtect Application Command Center (ACC)
- Prisma Access (formerly GlobalProtect cloud service)
- GlobalProtect Agent
Versions
- 9.1
- GlobalProtect Activity charts and graphs on the ACC
- Log Forwarding of GlobalProtect logs
- 9.0
See also: PAN-OS Releases
Features
- multi-factor authentication (MFA) methods, including one-time password tokens, certificates, and smart cards, through RADIUS and SAML integration
- Traffic Inspection
- Identifies application traffic, regardless of port number
- SSL Decryption
- URL filtering with PAN-DB
Related commands
show global-protect-gateway current-user
show global-protect-gateway flow
[1]
- current-satellite Show current GlobalProtect gateway satellites
- current-user Show current GlobalProtect gateway users
- flow Show dataplane GlobalProtect gateway tunnel information
- flow-site-to-site Show dataplane GlobalProtect site-to-site gateway tunnel information
- gateway Show list of GlobalProtect gateway configuration
- previous-satellite Show previous GlobalProtect gateway satellites
- previous-user Show previous user session for GlobalProtect gateway users
Activities
- Read GlobalProtect Administration Guide: https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/globalprotect/9-1/globalprotect-admin/globalprotect-admin.pdf
Related terms
- HIP. If the Host Information Profile (HIP) feature is enabled, the gateway generates a HIP report from the raw host data that the endpoints submit, which it can use for policy enforcement.
- Prisma Cloud
See also
- VPN: IPsec (Openswan), OpenVPN, Forticlient, GlobalProtect (PAN-OS), WireGuard (Linux Kernel), Tailscale, PulseSecure, WebVPN, SoftEther, ESP, IKE, AWS VPN, Zerotier, VPN client, Pritunl, GCP Cloud VPN, Mesh virtual private network, Mullvad
- PAN-OS (Palo Alto): PAN-OS Releases,
show vpn
, GlobalProtect, GlobalProtect logs, WildFire, show log
, show session all
, MDM, match
, PAN-OS reports, HIP, Zone
- Palo Alto, Palo Alto PA-Series, PAN-OS, Panorama, WildFire, Cortex Data Lake, Prisma Cloud
- DMZ, Port knocking, Bastion host, Firewall Software:
iptables
ufw
firewalld
nftables
firewall-cmd
ipfw (FreeBSD)
PF (OpenBSD)
, netsh advfirewall, PAN-OS, WAF, pfsense, VyOS, Cisco ASA, DMZ, F5, URL Filtering, port forwarding, macOS application firewall, Windows firewall, Fortigate, ngrok, Network ACL
↑ https://weberblog.net/cli-commands-for-troubleshooting-palo-alto-firewalls/
Advertising: