04-08-2013 01:05 PM
Good afternoon,
Previously we used the PAN-UID perl module to update User ID Agents running on servers, which would in turn update the firewalls.
With version 5.0, there is not this capability:
2.9 User-ID mapping
Beginning with PAN-OS 5.0.0, you can apply User-ID mapping information directly to the firewall using the API with the type=user-id parameter.
Has anyone implemented this? Can you provide any examples? The documentation is kind of limited & we are having a lot of trouble with the UserID Agents having memory leaks and not working.
Thanks for your help.
Kevin
04-08-2013 06:43 PM
Following Document shows how to :
How to Add User-IP Mapping to Firewall using API on PAN-OS 5.0
https://live.paloaltonetworks.com/docs/DOC-4348
-Ameya
04-08-2013 06:43 PM
Following Document shows how to :
How to Add User-IP Mapping to Firewall using API on PAN-OS 5.0
https://live.paloaltonetworks.com/docs/DOC-4348
-Ameya
04-09-2013 06:25 AM
No, I have already implemented this. I mean connecting directly to the firewall API, not through a UID agent.
Thanks.
04-09-2013 06:29 AM
Exactly what I am looking for, thanks!
08-05-2013 05:48 AM
We have been attempting to make this request through the API but get a Invalid Credentials. We setup an admin account with API access and get a Key back.
When we try to post the key and the new User-ID mapping we get Invalid Credentials. Anyone have a snippet of the post or ssl code in vb/c# ?
string strSandbox = "https://10.10.10.10/api/?type=user-id&key=" + key + "&action=set&vsys=vsys1"; ;
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(strSandbox);
req.Method = "POST";
req.ContentType = "application/x-www-form-urlencoded";
byte[] param = Request.BinaryRead(HttpContext.Current.Request.ContentLength);
StringBuilder requestContent = new StringBuilder();
requestContent.Append("<uid-message>");
requestContent.Append("<version>1.0</version>");
requestContent.Append("<type>update</type>");
requestContent.Append("<payload>");
requestContent.Append("<login>");
requestContent.Append("<entry name=\"domain\\" + LoginUser.UserName.ToLower() + "\" ip=\"" + SIP.Text + "\"/>");
requestContent.Append("</login>");
requestContent.Append("</payload>");
requestContent.Append("</uid-message>");
strRequest += "&cmd=" + requestContent;
req.ContentLength = strRequest.Length;
ServicePointManager.ServerCertificateValidationCallback = delegate(object s, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; };
//Send the request
StreamWriter streamOut = new StreamWriter(req.GetRequestStream(), System.Text.Encoding.ASCII);
streamOut.Write(strRequest);
streamOut.Close();
StreamReader streamIn = new StreamReader(req.GetResponse().GetResponseStream());
string strResponse = streamIn.ReadToEnd();
streamIn.Close();
08-05-2013 11:14 PM
I am not sure if you are looking for the following or not
https://live.paloaltonetworks.com/docs/DOC-1662
https://live.paloaltonetworks.com/docs/DOC-1348
https://live.paloaltonetworks.com/docs/DOC-1580
Hope this helps
Thanks
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
