Access Denied to Agentless userID if Logon Workstation is Used

Created On 09/26/18 13:49 PM - Last Modified 06/08/23 23:43 PM



Overview

For security compliance purposes, customers may want to apply additional restrictions to the Palo Alto Networks account that is used to collect logs from the Domain Controller. One Windows Active Directory feature that can be used for this is the Logon Workstation list.


Issue

Enabling the Logon Workstation list for the account in Windows Active Directory causes the account to be denied access to DC1.


Resolution

Since the Palo Alto Networks firewall is not a member of the Active Directory, per Microsoft design it is necessary to add the hostnames of all the firewalls that will use this account to connect to the account's Logon Workstation list.
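
One way to make this change from PowerShell instead of the account properties dialog, as an added example that is not part of the original article. It assumes the ActiveDirectory module is available; the account name and firewall hostnames are placeholders.

```powershell
# Added example: account name and hostnames are placeholders, not values from the article.
Import-Module ActiveDirectory

$account   = 'svc-userid-placeholder'              # the account the firewalls use to read DC logs
$firewalls = @('FW-PLACEHOLDER-01', 'FW-PLACEHOLDER-02')  # hostname of every firewall using it

# Read the current Logon Workstation list (stored as one comma-separated string).
$user    = Get-ADUser -Identity $account -Properties LogonWorkstations
$current = @()
if ($user.LogonWorkstations) {
    $current = $user.LogonWorkstations -split ',' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ }
}

# An empty list means the account is not restricted, so there is nothing to extend.
if ($current.Count -eq 0) {
    Write-Warning "No Logon Workstation restriction is set on '$account'; no change made."
    return
}

# Merge without duplicates (Sort-Object -Unique compares case-insensitively by default).
$merged  = @($current + $firewalls) | Sort-Object -Unique
$missing = @($firewalls | Where-Object { $current -notcontains $_ })

if ($missing.Count -eq 0) {
    Write-Output "All firewall hostnames are already on the list for '$account'."
    return
}

# Write the merged list back and read it again to confirm what is now enforced.
Set-ADUser -Identity $account -LogonWorkstations ($merged -join ',')
$after = Get-ADUser -Identity $account -Properties LogonWorkstations
Write-Output "Added: $($missing -join ', ')"
Write-Output "Logon Workstation list for '$account' is now: $($after.LogonWorkstations)"
```

Existing entries are preserved, so the restriction stays in force and only the listed firewalls are added to it.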


owner: mdjeric
