07-09-2019 06:20 PM
INFO:
-Palo 3320 PanOS 8
GOALS:
I have list of users and groups in local palo database
I want to block SALES group to access porn sites but allow DIRECTOR group
QUESTIONS:
1. should I use subinterface
2. since director mac address can't be seen if using L3 switch then should I
a. use dynamic vlan mean wherever director go, he must authenticate and get the same vlan
b. is there a palo client software that will automatically tell palo that this pc belong to paloalto local user director1
tq
07-10-2019 12:13 PM
Is Captive Portal or GlobalProtect not an option within your environment? That would be my 'prefered' way of doing user identification if you aren't utilizing anything sort of AD.
07-10-2019 12:13 PM
Is Captive Portal or GlobalProtect not an option within your environment? That would be my 'prefered' way of doing user identification if you aren't utilizing anything sort of AD.
07-10-2019 01:09 PM
I agree with @BPry , use URL filtering and AD groups for this. I do it all the time.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
