https://live.paloaltonetworks.com/t5/general-topics/user-id-and-internet-access/m-p/113862#M45249 <P>Hi Farzana,</P><P>&nbsp;</P><P>You could deploy Global Protect &amp; internal host detection so that when the computer comes out of hibernation, the GP connects and authenticates the user that way (but does not establish a tunnel). &nbsp;</P><P>&nbsp;</P><P>Another way would be to implement a 'catch-all' captive portal policy so that if all the other identification methods fail, they have to authenticate via a captive portal.</P><P>&nbsp;</P><P>One other way would be to configure wireless access points to send syslog to your firewall, if a user authenticates to the wireless network the AP could send syslog to the firewall containing the username &amp; IP address which you can configure the firewall to parse out and create a mapping for them.</P><P>&nbsp;</P><P>You can find more info here and determine which solution best fits you.</P><P>&nbsp;</P><P><A href="https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/user-id/user-id-overview#67469" target="_blank">https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/user-id/user-id-overview#67469</A></P><P>&nbsp;</P><P>hope this helps,</P><P>Ben</P> Fri, 16 Sep 2016 10:44:43 GMT bmorris1 2016-09-16T10:44:43Z https://live.paloaltonetworks.com/t5/general-topics/user-id-and-internet-access/m-p/113841#M45245 <P>Hello,</P><P>&nbsp;</P><P>If a user uses the PC at home (not behind the Palos) to access the Internet then hibernates their PC, then comes to work and connects to the network (behind the Palos) and un-hibernates, they can no longer access the Internet until the PC re-authenticates to AD and when the user-ID agent can identify the user again. There is a period when the user cannot use the Internet as the Palo policy states the user must be known via user-ID. This can be while depending on what apps the user uses after they un-hibernate.</P><P>Is there a way to fix this?</P><P>&nbsp;</P><P>Thanks in advance</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 16 Sep 2016 06:46:00 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-and-internet-access/m-p/113841#M45245 Farzana 2016-09-16T06:46:00Z https://live.paloaltonetworks.com/t5/general-topics/user-id-and-internet-access/m-p/113862#M45249 <P>Hi Farzana,</P><P>&nbsp;</P><P>You could deploy Global Protect &amp; internal host detection so that when the computer comes out of hibernation, the GP connects and authenticates the user that way (but does not establish a tunnel). &nbsp;</P><P>&nbsp;</P><P>Another way would be to implement a 'catch-all' captive portal policy so that if all the other identification methods fail, they have to authenticate via a captive portal.</P><P>&nbsp;</P><P>One other way would be to configure wireless access points to send syslog to your firewall, if a user authenticates to the wireless network the AP could send syslog to the firewall containing the username &amp; IP address which you can configure the firewall to parse out and create a mapping for them.</P><P>&nbsp;</P><P>You can find more info here and determine which solution best fits you.</P><P>&nbsp;</P><P><A href="https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/user-id/user-id-overview#67469" target="_blank">https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/user-id/user-id-overview#67469</A></P><P>&nbsp;</P><P>hope this helps,</P><P>Ben</P> Fri, 16 Sep 2016 10:44:43 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-and-internet-access/m-p/113862#M45249 bmorris1 2016-09-16T10:44:43Z https://live.paloaltonetworks.com/t5/general-topics/user-id-and-internet-access/m-p/114038#M45276 <P>Thanks Ben for the wonderful suggestions.</P> Mon, 19 Sep 2016 00:21:53 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-and-internet-access/m-p/114038#M45276 Farzana 2016-09-19T00:21:53Z