https://live.paloaltonetworks.com/t5/general-topics/captive-portal-as-an-option/m-p/37227#M27309 <HTML><HEAD></HEAD><BODY><P>A few of my rules allow for certain individuals (by way of User-ID) access to download EXE and access most any application.&nbsp; This of course works fine for PCs that are joined to the domain which makes up 99% of our PCs.&nbsp; However, for that 1% that are not on the domain, what's the best way for an individual to optionally supply the proper AD credentials to allow them these elevated privellages if they so choose to need them?</P></BODY></HTML> Fri, 30 Dec 2011 19:20:58 GMT dshue 2011-12-30T19:20:58Z https://live.paloaltonetworks.com/t5/general-topics/captive-portal-as-an-option/m-p/37227#M27309 <HTML><HEAD></HEAD><BODY><P>A few of my rules allow for certain individuals (by way of User-ID) access to download EXE and access most any application.&nbsp; This of course works fine for PCs that are joined to the domain which makes up 99% of our PCs.&nbsp; However, for that 1% that are not on the domain, what's the best way for an individual to optionally supply the proper AD credentials to allow them these elevated privellages if they so choose to need them?</P></BODY></HTML> Fri, 30 Dec 2011 19:20:58 GMT https://live.paloaltonetworks.com/t5/general-topics/captive-portal-as-an-option/m-p/37227#M27309 dshue 2011-12-30T19:20:58Z https://live.paloaltonetworks.com/t5/general-topics/captive-portal-as-an-option/m-p/37228#M27310 <HTML><HEAD></HEAD><BODY><P>The Captive Portal feature is probably your best bet to identify unknown users who are traversing the firewall.</P><P></P><P>-Benjamin</P></BODY></HTML> Fri, 30 Dec 2011 23:16:07 GMT https://live.paloaltonetworks.com/t5/general-topics/captive-portal-as-an-option/m-p/37228#M27310 bpappas 2011-12-30T23:16:07Z https://live.paloaltonetworks.com/t5/general-topics/captive-portal-as-an-option/m-p/37229#M27311 <HTML><HEAD></HEAD><BODY><P>Also, there is a new feature in PAN-OS 4.1 that allows the User-ID Agent to get username to IP mappings from Exchange servers.&nbsp; So if non-windows devices are not logging into the domain, but are logging into email, their user sessions will also be mapped.</P><P></P><P>Cheers,</P><P></P><P>Kelly</P></BODY></HTML> Sat, 31 Dec 2011 00:32:22 GMT https://live.paloaltonetworks.com/t5/general-topics/captive-portal-as-an-option/m-p/37229#M27311 kbrazil 2011-12-31T00:32:22Z