User-id is it possible to check computers?

Support_CC — Mon, 21 Nov 2011 09:50:19 GMT

Hello,

One of our clients want to know if it is possible to build policies based on computer membership to AD groups.

In this situation we want to differentiate between computers that belongs to AD and which do not in purpose of VPN connections, so that users won't connect from private computers with SSL client.

Regards,

Piotr Bratkowski

Re: User-id is it possible to check computers?

snisar — Thu, 24 Nov 2011 03:09:03 GMT

Currently, we only do "user" identification through Active Directory. One option to acheive what you want is to use "Global Protect" feature for all internal and remote users to log in to corporate network. It basically replaces ssl-vpn for remote users. You can configure "Computer Name" under HIP Profile for Global protect users to be identified only when they try to login through that particular computer. Again, there is lot of manual work required for it to work, you need to manually enter each compuetr name under HIP profile and match registery entry realted to that computer.

https://live.paloaltonetworks.com/docs/DOC-1757

Please feel free to contact us if you have question.

topic User-id is it possible to check computers? in General Topics

User-id is it possible to check computers?

Re: User-id is it possible to check computers?