Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- 5G
- IoT Security
- Prisma SD-WAN
Network Security
- Prisma Access
- Prisma SaaS
- Prisma Cloud
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
- LIVEcommunity
- ›
- Collaboration
- ›
- Blogs
- ›
- Accessing the User-ID agent or AD on a different interface?
Accessing the User-ID agent or AD on a different interface?
Announcements
Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Blog Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Email to a Friend
- Printer Friendly Page
- Report This Content
05-12-2017
07:10 AM
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Email to a Friend
- Printer Friendly Page
- Report This Content
05-12-2017
07:10 AM
In many network environments, it's good practice to create an Out Of Band network where the management interfaces of your security appliances and services live so they cannot be compromised by a user with a lot of spare time to try and guess passwords.
This can sometimes create interesting challenges, as your appliances may need to access resources that are not available on the secured network. One example is Palo Alto Networks' integrated User Identification mechanisms, where either the firewall reads security audit logs on an Active Directory server, or the server gets an agent software installed that does the reading and sends the output back to the firewall. If the AD server is not connected to the secured network, a different route needs to be taken to get the information on the firewall.
To assist in this sort of issue, a service route can be configured that redirects connections originating from the management plane, via the backplane, to the dataplane. This will force the outgoing connection to egress from a normal network interface without exposing the management interface (pretty cool, huh?).
To configure a service route:
- Navigate to the Device tab on your firewall, and in the
- Open the Setup section
- Go to 'Services'
- Find the 'Service Route Configuration' link
- Switch to 'Customize'
- Scroll down to 'UID Agent' and
- Select the new source interface and IP address for these connections
This will work for both the installed UID agent software and the clientless configuration on the firewall.
if you would like to know more about service routes, please take a look at this article: Setting a Service Route for Services to Use a Dataplane Interface from the Web UI and CLI
Hope you learned a new thing today!
Please feel free to leave a comment or ask questions in the comment section below
Reaper out!
7,752 Views
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Labels
-
10.0
1 -
2 factor authentication
1 -
2020
1 -
2fa
1 -
30DaysCloud
7 -
5G
5 -
7000
2 -
7000 series
1 -
ACC
2 -
addressgroups
1 -
administration
1 -
Adobe Acrobat
1 -
Alibaba
1 -
Alibaba Cloud
1 -
Analytics
4 -
Aperture
3 -
API
2 -
App-ID
13 -
App-Portal
1 -
application
1 -
Application Framework
4 -
Application Override
1 -
applications
2 -
apps
1 -
Authentication
2 -
Authentication Sequence
1 -
AutoFocus
9 -
Autonomous
2 -
Autonomous DEM
2 -
Autonomous Digital Experience Management
1 -
AWS
8 -
Azure
6 -
Beacon
4 -
Best Practice Assessment
1 -
Best Practices
4 -
Books
1 -
BPA
3 -
Canon
1 -
Case Creation
4 -
case management
1 -
Cases
1 -
categories
2 -
certificate
1 -
Certificates
2 -
Certification
2 -
Certifications
3 -
Certifications & Exams
3 -
Cloud
34 -
cloud managed prisma access
1 -
Cloud Security
1 -
cloud service
3 -
Cloud Services Portal
3 -
cloudgenix
3 -
CloudSecured
1 -
CN-Series
8 -
Community
86 -
Community Guidance
1 -
Community News
1 -
Compatibility
1 -
Compatibility View
1 -
Configuration
13 -
Configuration and Management
4 -
Container
1 -
cortex
18 -
Cortex Data Lake
10 -
Cortex XDR
29 -
Cortex XDR 2.0 Features
2 -
Cortex XDR 2.2 Features
1 -
Cortex XDR 2.3
1 -
Cortex XDR 2.4 Features
1 -
Cortex XDR 2.5 Features
1 -
Cortex XDR 2.6 Features
1 -
Cortex XDR 2.7 Features
1 -
Cortex XDR Agent
2 -
Cortex XDR Agent 7.3 features
1 -
Cortex XDR Features
1 -
Cortex XDR Management
1 -
Cortex XSOAR
9 -
COVID-19
2 -
credits
1 -
csp
11 -
CSP outage
1 -
Custom Signatures
1 -
Customer Experience
1 -
Customer Help
1 -
Customer Success
11 -
Customer Support Portal
4 -
Customer Support Resources
1 -
CX Day
1 -
CXDay2020
1 -
cyber elite
6 -
Cyber Elite Program
6 -
cyberelite
6 -
cybersecurity
7 -
Cybersecurity Academy
1 -
data lake
1 -
Data Loss Prevention
3 -
Data Loss Prevention 7000
1 -
data pattern
1 -
Data Security
1 -
Debug
3 -
Decryption
3 -
Dependency
1 -
Deployment
1 -
Detection and Response
1 -
dev_ops
1 -
Developers
1 -
DLP
3 -
dns
4 -
DNS Security
7 -
dotw
2 -
EDL
2 -
edu
1 -
EDU-114
1 -
Education
14 -
Education Services
3 -
ela
1 -
Endpoint
5 -
Endpoint Security Manager (ESM)
2 -
Enterprise
1 -
Events
36 -
Exams
1 -
Expedition
3 -
Expert Program
1 -
FeatureRequest
1 -
Features
3 -
Filtering
1 -
Firewall
94 -
Firewall Essentials
1 -
fuel
6 -
Fuel User Group
10 -
Fundamentals
1 -
gateway
1 -
gateway selection
1 -
gcp
3 -
Global
1 -
GlobalProtect
37 -
GlobalProtect 5.0
3 -
GlobalProtect App
1 -
GlobalProtect Cloud Service
2 -
GlobalProtect HIP check
1 -
GlobalProtect-COVID19
24 -
GlobalProtect-Resources
19 -
Google Chrome extension
1 -
google cloud platform
1 -
GP
2 -
GPCS
1 -
Grateful
1 -
Grayware
2 -
Guidance and Guidelines
2 -
ha
1 -
Happy Holidays
1 -
High Availability
1 -
HIP
1 -
HIP Check
1 -
How to
1 -
HTTP
1 -
hub
6 -
Hybrid Cloud
1 -
ICS
1 -
ignite
2 -
Ignite conference
2 -
ignite2019
3 -
Ignite2020
8 -
IGNITEQ&A
1 -
IoMT
1 -
IoT
4 -
IoT Security
4 -
IPSec
1 -
IPv6
1 -
Iron Skillet
1 -
IronSkillet
1 -
Kubernetes
3 -
LatinxHeritage
1 -
LatinxHeritageMonth
4 -
Learning
1 -
Learning Center
1 -
license
1 -
License Keys
1 -
licenses
2 -
live community
3 -
Live Community Help
2 -
livecommunity
8 -
log forwarding
4 -
Logging
5 -
logging service
3 -
logging_services
1 -
login
1 -
Logs
2 -
Mac OS X
1 -
machine learning
4 -
MacOS
2 -
Magnifier
1 -
malware
3 -
Management
25 -
Management & Administration
1 -
mapping
2 -
MFA
3 -
Migration
1 -
Migration Tool
2 -
ML-Powered NGFW
3 -
Monthly Release
1 -
multi factor authentication
1 -
Multi-Category URL Filtering
2 -
Networking
1 -
New Features
2 -
Next-Generation Firewall
3 -
NGFW
6 -
notifications
1 -
office 365
1 -
Oracle Cloud
1 -
PA Firewall
1 -
PA-220R
1 -
PA-7000 Series Firewall
1 -
Palo Alto Networks
1 -
PAN-OS
31 -
PAN-OS 10.0
2 -
PAN-OS 9.0
5 -
PAN-OS 9.1
1 -
Panorama
19 -
panorama_csr
1 -
PANOS-9.0
2 -
Parked
1 -
PCCET
2 -
PCCSA
3 -
PCNSA
4 -
PCNSE
9 -
Phishing
1 -
plugin
2 -
policies
1 -
Policy
1 -
Pre-Logon
1 -
prisma
13 -
Prisma Access
29 -
Prisma Access 2.0
1 -
prisma access app
1 -
Prisma Access Cloud Management
2 -
prisma access insights
2 -
Prisma Cloud
9 -
Prisma Coud
1 -
Prisma SaaS
5 -
Prisma SD-WAN
6 -
PrismaAccess
2 -
PrismaAccess-COVID19
12 -
prismaaccessinsights
2 -
Privacy Data Sheets
1 -
Professional Services
1 -
Proxy Avoidance
2 -
Public Cloud
2 -
Questionable
1 -
Quickplay Solutions
1 -
Release Notes
2 -
Release-Notes
3 -
Remote location
1 -
Remote Networks
1 -
Reports
2 -
Resources
2 -
RSA
1 -
SaaS
2 -
SAML
2 -
SASE
2 -
SCADA
1 -
SD-WAN
6 -
Second Watch
1 -
Secure Input
1 -
secureinput
1 -
Security
2 -
Security Advisory
1 -
Security Policy
5 -
Services
1 -
session
1 -
Setup
1 -
Skillets
1 -
smb
1 -
SNMP Monitoring
1 -
Social Media
1 -
Software
1 -
SolarStorm
1 -
SolarWinds
1 -
SSL Decryption
4 -
SSL Forward Proxy
1 -
strata
5 -
SUNBURST
1 -
Support
21 -
Support Guidance
1 -
support portal
1 -
Symphony
1 -
Thankful 2020
1 -
Thanksgiving
1 -
Threat
27 -
Threat Intelligence Management
1 -
Threat Management
3 -
threat prevention
3 -
threat protection
1 -
Threats
1 -
Tips & Tricks
3 -
TMS
4 -
Tools
3 -
training
1 -
Traps
8 -
Traps Agent
8 -
Traps Management Service
4 -
Troubleshooting
4 -
Tutorial
10 -
unit 42
16 -
unit42
3 -
upgrade
2 -
URL Filtering
8 -
User-ID
4 -
users
1 -
Veteran Training
3 -
Veterans Day
1 -
Video
7 -
Videos
2 -
VIP
1 -
Virtualization
6 -
VM-Series
31 -
VPN
2 -
Vulnerability
11 -
Vulnerability Protection
1 -
webcast
1 -
Webinar
5 -
WildFire
8 -
Women's Equality Day
1 -
XDR
1 -
Year in Review
1 -
YouTube
3 -
Zero Trust
1 -
ZTP
1
- Previous
- Next
Latest Blogs
- Announcing Cortex Symphony 2021 with host Kevin Smith
- New and Revamped Pages on LIVEcommunity!
- Coming Soon: Enhanced LIVEcommunity Experience!
- Where Can I Get the GlobalProtect Client ?
- The Benefits of Prisma Access Cloud Management
- Introducing Prisma Access Autonomous Digital Experience Management (ADEM)
- Back Up Your Data! LIVEcommunity Reminds You on World Backup Day
- Celebrating Women’s History Month
- Digital Events are Coming to LIVEcommunity!
- Retrieve the IP Addresses for Prisma Access
Latest Comments
- ddelcourt on: Digital Events are Coming to LIVEcommunity!
- almraza on: New URL Filtering Category: “real-time-detection”
- gregorylamothe on: Pre-Built and Ready: Explore the New Quickplay Solutions (Formerly Known as Skillets)
- MonicaR on: New Software NGFW Credits and Videos
- Leonor on: Introducing the VM-Series on Alibaba Cloud Technology Page
- crasmussen on: CyberSecurity Tips for a safer online experience !
- jdelio on: Cyber Elite Spotlight Interview: @SteveCantwell
- jdelio on: DOTW: TCP Resets from Client and Server aka TCP-RST-FROM-Client
- gregorylamothe on: LIVEcommunity 2020 Year in Review
- jdelio on: Spotlight Interview with @BPry
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
