10-22-2012 06:28 AM
Hello Everyone!
Is there any way to treat trafic from an specific Computer in AD ?
I need to block internet traffic and allow only internet corporate email (gmail) to some computers (doesnt matter the user logged in there)
I can fix thos MACs to the DHCP so they will receive always the same IP and I can treat those traffic... But I would like to know if Palo Alto can deal with Computers as well.. the same way it deals w/ AD users...
Thanks in advance!!
10-24-2012 08:29 AM
Computer names from AD (with the $ preceding) are ignored in the UserID agent and as such you will not be able to deal with the computer names as you do with AD Usernames. As the UserID Agent will not create an IP to User Mapping for the computer you will not be able to block traffic in the security policy, based on the computer name. If you have a particular subnet or static IP addresses that these computers come from, that may be the simplest way to block their specific traffic.
10-23-2012 07:21 AM
Since the machines will be having static IP addresses, adding these machines as address objects under the source address column in a security rule and applying the security profile or application should do the job..
10-23-2012 08:57 AM
Dont forget to setup DHCP snooping (along with Option82 for logging) and DAI (Dynamic Arp Inspection) so your box you want to limit just not changes its ip address manually and connects to the network to bypass the filtering.
10-24-2012 08:29 AM
Computer names from AD (with the $ preceding) are ignored in the UserID agent and as such you will not be able to deal with the computer names as you do with AD Usernames. As the UserID Agent will not create an IP to User Mapping for the computer you will not be able to block traffic in the security policy, based on the computer name. If you have a particular subnet or static IP addresses that these computers come from, that may be the simplest way to block their specific traffic.
10-24-2012 01:12 PM
Is UserID ignoring this for a particular reason or would a feature request through the local sales engineer change this behaviour?
Edit: In PANOS 5.0 if im not mistaken Globalprotect will have a similar feature where you in the security policy can choose "preauth-user" as userid (compared to todays known-user etc).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
