https://live.paloaltonetworks.com/t5/general-topics/how-can-i-see-which-user-access-what-website/m-p/508063#M105799 <P>Hi,</P><P>&nbsp;</P><P>I'm currently managing a PA-220 and have setup URL-filtering.</P><P>&nbsp;</P><P>I can see which IP-addresses that tries to access the blocked websites.</P><P>Is there any possibility to resolve/match this IP-address to our DHCP server to see exactly which mac/computer it is accessing the blocked sites.</P><P>&nbsp;</P><P>We have it setup so all computers on our company network have unique names.</P><P>&nbsp;</P><P>Currently what I have to do is to check the url filtering log and look for the IP and then crossmatch that IP with dhcp server.</P><P>Or is there any other way to do this thats less time consuming.</P><P>&nbsp;</P><P>I know there are some ways to connect the Palo alto to Active directory but im not sure exactly how to solve this.</P> Wed, 06 Jul 2022 12:40:42 GMT Rasmus_Edholm 2022-07-06T12:40:42Z https://live.paloaltonetworks.com/t5/general-topics/how-can-i-see-which-user-access-what-website/m-p/508063#M105799 <P>Hi,</P><P>&nbsp;</P><P>I'm currently managing a PA-220 and have setup URL-filtering.</P><P>&nbsp;</P><P>I can see which IP-addresses that tries to access the blocked websites.</P><P>Is there any possibility to resolve/match this IP-address to our DHCP server to see exactly which mac/computer it is accessing the blocked sites.</P><P>&nbsp;</P><P>We have it setup so all computers on our company network have unique names.</P><P>&nbsp;</P><P>Currently what I have to do is to check the url filtering log and look for the IP and then crossmatch that IP with dhcp server.</P><P>Or is there any other way to do this thats less time consuming.</P><P>&nbsp;</P><P>I know there are some ways to connect the Palo alto to Active directory but im not sure exactly how to solve this.</P> Wed, 06 Jul 2022 12:40:42 GMT https://live.paloaltonetworks.com/t5/general-topics/how-can-i-see-which-user-access-what-website/m-p/508063#M105799 Rasmus_Edholm 2022-07-06T12:40:42Z https://live.paloaltonetworks.com/t5/general-topics/how-can-i-see-which-user-access-what-website/m-p/508077#M105800 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/154062">@Rasmus_Edholm</a> ,</P> <P>It sound you need User-ID. I would suggest you to take a look at the following links as starting point</P> <P><A href="https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/user-id/user-id-overview" target="_blank">https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/user-id/user-id-overview</A> </P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRyCAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRyCAK</A> </P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5bCAC" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5bCAC</A> </P> <P>&nbsp;</P> <P>If I try to sum it up - As firewall works with IP addresses, you need a way to associate the soure IP (from where the traffic originates) with username. Palo Alto is capable to use different sources for such information. Once the firewall receive user-to-ip mapping you will see the associated username in the logs. You can even create the firewall rules allowing user/user groups.</P> <P>&nbsp;</P> <P>My personal recommendation is to use GlobalProtect with Internal Gateway as source of user-to-ip mapping.</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 06 Jul 2022 13:23:21 GMT https://live.paloaltonetworks.com/t5/general-topics/how-can-i-see-which-user-access-what-website/m-p/508077#M105800 aleksandar.astardzhiev 2022-07-06T13:23:21Z https://live.paloaltonetworks.com/t5/general-topics/how-can-i-see-which-user-access-what-website/m-p/508087#M105805 <P>Hi, thanks for your answer. I will definitely take a look at those links you posted.</P><P>But for user-id do I need to have the computers join the AD, or is it enough to just create the computers manually in AD(via powershell).</P><P>&nbsp;</P> Wed, 06 Jul 2022 14:16:36 GMT https://live.paloaltonetworks.com/t5/general-topics/how-can-i-see-which-user-access-what-website/m-p/508087#M105805 Rasmus_Edholm 2022-07-06T14:16:36Z