user-id user on servers

L7 Applicator

Re: user-id user on servers


@RobinClayton wrote:

As soon as an admin logs in, they become the associated user of this "server" traffic. Anything they may really be initiating gets lost. So it's a bit pointless.


That's why we exclude the server networks completely. All servers have specific firewall rules for exactly what they need, without internet access. The logins on the servers are restricted to the users that really need to install/change something on the servers, so it isn't possible that an admin from team A connects to a server of team B. So at least in our case it makes more sense to exclude the networks instead of the users; just in case an admin somehow logs in on a device located in the client network, we will see this also in the firewall logs.

L3 Networker

Re: user-id user on servers

@vsys_remo unrelated to the topic I guess, but are you using virtual firewalls to control that server access?

L7 Applicator

Re: user-id user on servers

@ce1028

In most cases physical firewalls (with vsys enabled).

Are you asking about the access from the servers or the access to the servers? The second is also restricted with groups on the servers themselves to the people that need access.
