https://live.paloaltonetworks.com/t5/general-topics/ignore-users-for-ip-subnet/m-p/287806#M76745 <P>Hi Steve,</P><P>&nbsp;</P><P>but I'm not sure if this would fit in our environment.</P><P>We want to include the admin accounts in the user-id, e.g. for the servers and no internetaccess with the admin accounts on them.</P><P>&nbsp;</P><P>But thanks for your hint, I will have a look at it <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P><P>&nbsp;</P><P>Best regards</P><P>Oliver</P> Wed, 11 Sep 2019 05:53:34 GMT OliverGreimers 2019-09-11T05:53:34Z https://live.paloaltonetworks.com/t5/general-topics/ignore-users-for-ip-subnet/m-p/287647#M76729 <P>Hi,</P><P>&nbsp;</P><P>with the risk that this was already discussed, I have a question regarding ignore users with User-ID.</P><P>&nbsp;</P><P>I configured User-ID for our clients, also for the IT department.<BR />In the IT, we also using admin accounts. So when I started a programm in admin mode, the firewall registered this in the DCs. So my client gets the adm account linked with my client IP.</P><P>This is correct but annoying, because our admin accounts have no internet access. So I have to start a normal user login from my client, for example restarting Outlook.</P><P>&nbsp;</P><P>My question is if it's possible to add entries in the ignore list in connection with IP subnets. So I can tell the PA to ignore admin logins for our clients in the IT department.</P><P>&nbsp;</P><P>I did not found any possibility to configure it.</P><P>&nbsp;</P><P>Thanks and best Regards</P><P>Oliver</P> Tue, 10 Sep 2019 14:14:27 GMT https://live.paloaltonetworks.com/t5/general-topics/ignore-users-for-ip-subnet/m-p/287647#M76729 OliverGreimers 2019-09-10T14:14:27Z https://live.paloaltonetworks.com/t5/general-topics/ignore-users-for-ip-subnet/m-p/287665#M76731 <P>Howdy Oliver.</P><P>&nbsp;</P><P>I just wanted to acknowledge that I saw the post, but agree that I am not sure there is a way to filter out.</P><P>I do know that the FW is capable of not learning based on subnets (dont attempt to learn VoIP softphone subnet, as example), but as for not learning a specific user type.&nbsp; But you may want to focus in the Group Mapping section of UserID, to see if you can create a certain pattern that will be learned/associated with group mappings, and try to not have the admin accounts part of the pattern.</P><P>&nbsp;</P><P>Then you may be able to do something.&nbsp; It is a long shot, but wanted to give you some encouragement.&nbsp; <span class="lia-unicode-emoji" title=":face_with_tongue:">😛</span></P> Tue, 10 Sep 2019 15:26:13 GMT https://live.paloaltonetworks.com/t5/general-topics/ignore-users-for-ip-subnet/m-p/287665#M76731 S.Cantwell 2019-09-10T15:26:13Z https://live.paloaltonetworks.com/t5/general-topics/ignore-users-for-ip-subnet/m-p/287806#M76745 <P>Hi Steve,</P><P>&nbsp;</P><P>but I'm not sure if this would fit in our environment.</P><P>We want to include the admin accounts in the user-id, e.g. for the servers and no internetaccess with the admin accounts on them.</P><P>&nbsp;</P><P>But thanks for your hint, I will have a look at it <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P><P>&nbsp;</P><P>Best regards</P><P>Oliver</P> Wed, 11 Sep 2019 05:53:34 GMT https://live.paloaltonetworks.com/t5/general-topics/ignore-users-for-ip-subnet/m-p/287806#M76745 OliverGreimers 2019-09-11T05:53:34Z https://live.paloaltonetworks.com/t5/general-topics/ignore-users-for-ip-subnet/m-p/287886#M76764 <P>Hello,</P><P>We encountered a similar issue. I you use Exchange for email using Outlook. Have the User-ID agents use it instead of the DC's.</P><P>&nbsp;</P><P>Regards,</P><P>&nbsp;</P> Wed, 11 Sep 2019 16:18:32 GMT https://live.paloaltonetworks.com/t5/general-topics/ignore-users-for-ip-subnet/m-p/287886#M76764 OtakarKlier 2019-09-11T16:18:32Z https://live.paloaltonetworks.com/t5/general-topics/ignore-users-for-ip-subnet/m-p/288038#M76789 <P>Hi,</P><P>&nbsp;</P><P>I already configured the Exchange servers to poll the user logons.</P><P>But in your suggestion, I have to configure only the Exchange servers and delete the DCs in the User-ID Agent configuration, right?</P><P>&nbsp;</P><P>Regards</P> Thu, 12 Sep 2019 07:11:08 GMT https://live.paloaltonetworks.com/t5/general-topics/ignore-users-for-ip-subnet/m-p/288038#M76789 OliverGreimers 2019-09-12T07:11:08Z https://live.paloaltonetworks.com/t5/general-topics/ignore-users-for-ip-subnet/m-p/288112#M76792 <P>Hello,</P><P>That is correct, you have to stop monitoring the DC's for it to work as I have described.</P><P>&nbsp;</P><P>Regards,</P> Thu, 12 Sep 2019 14:17:17 GMT https://live.paloaltonetworks.com/t5/general-topics/ignore-users-for-ip-subnet/m-p/288112#M76792 OtakarKlier 2019-09-12T14:17:17Z