Apple MAC's and User-ID

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Apple MAC's and User-ID

L1 Bithead

We recently implemented a pair of PA-3020 in an Active/Passive cluster.

I have been working on USER-ID, but have an issue. There are about 2500 Apple MAC computers

on site. They are binded to AD , even if an AD user uses logs in to an Apple MAC there are no MS events

in the security logs to forward to the User-ID agent.

Most all of the Apple Mac’s don’t mount to any shared MS AD shares.

My question is what am I missing or how can I get the User-ID to work with Apple MAC’s?

Also it would be great if there were a “local” agent installer for both MAC and Windows clients.

We could install them silently and a managed install. Then let the physical machine report to the Firewall of the current user and IP address.

Any thoughts?

Thanks

Mark

1 accepted solution

Accepted Solutions

Thanks Aditi,

Is there any future feature "request" that would provide a local User-ID agent. I think this would help may Administrators of PAN Firewalls.

thanks,

Mark

View solution in original post

4 REPLIES 4

L4 Transporter

Hello Mark,

Goodmorning! These are the available options that are available for MAC users to provide their User-ID info to the firewall:

1) Captive Portal (https://live.paloaltonetworks.com/docs/DOC-1159)

2) Install a client that will do AD login

3) Make them connect via SSL VPN and surf through the VPN.

4) User ID API integration using Syslog (https://live.paloaltonetworks.com/docs/DOC-1936) -  You would take login events on your OpenDirectory server and syslog these events. Parse through the data and use the API to send this info to the User-ID Agent for ip-mappings.

Additionally, user-id agent can also monitor Exchange server, so if the mac users are able to login to Outlook to create login events, we should be able to get the mapping that way as well. Hope that helps!

Thanks,

Aditi

Thanks Aditi,

Is there any future feature "request" that would provide a local User-ID agent. I think this would help may Administrators of PAN Firewalls.

thanks,

Mark

Hi

You said the Macs were bound to AD:

"They are binded to AD , even if an AD user uses logs in to an Apple MAC there are no MS events in the security logs to forward to the User-ID agent." So, how are the Macs bound to AD? IF the users authenticate to AD there should be a logon event and if not, you may have to enable logging levels to show those logon events through:


https://live.paloaltonetworks.com/docs/DOC-2801


These are then read according to:


https://live.paloaltonetworks.com/docs/DOC-1262

You may also find https://live.paloaltonetworks.com/docs/DOC-5662 helpful.

Thanks

L1 Bithead

Update:

Sorry this is so late, this issue was resolved. Prior to me working here the MAC admins were given an AD / OU to Bind the Apple MAC OSX machine to (CN=MAC,DC=xx,DC=xxx).

For some reason if the MAC's are not in the default CN=Computers,DC=xx,DC=xxx OU windows security logs will never populate?

After we move all of the AD objects "Apple MAC's" to the correct OU (CN=Computers,DC=xx,DC=xxx), security event logs started working and populating PAN-User-ID.

I hope this helps.

  • 1 accepted solution
  • 11331 Views
  • 4 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!