Blocking traffic from specific AD Computer

Reply
Highlighted
L3 Networker

Blocking traffic from specific AD Computer

Hello Everyone!

Is there any way to treat trafic from an specific Computer in AD ?

I need to block internet traffic and allow only internet corporate email (gmail) to some computers (doesnt matter the user logged in there)

I can fix thos MACs to the DHCP so they will receive always the same IP and I can treat those traffic... But I would like to know if Palo Alto can deal with Computers as well.. the same way it deals w/ AD users...

Thanks in advance!!


Accepted Solutions
Highlighted
L4 Transporter

Computer names from AD (with the $ preceding) are ignored in the UserID agent and as such you will not be able to deal with the computer names as you do with AD Usernames. As the UserID Agent will not create an IP to User Mapping for the computer you will not be able to block traffic in the security policy, based on the computer name. If you have a particular subnet or static IP addresses that these computers come from, that may be the simplest way to block their specific traffic.

View solution in original post


All Replies
Highlighted
L4 Transporter

Since the machines will be having static IP addresses, adding these machines as address objects under the source address column in a security rule and applying the security profile or application should do the job..

Highlighted
L6 Presenter

Dont forget to setup DHCP snooping (along with Option82 for logging) and DAI (Dynamic Arp Inspection) so your box you want to limit just not changes its ip address manually and connects to the network to bypass the filtering.

Highlighted
L4 Transporter

Computer names from AD (with the $ preceding) are ignored in the UserID agent and as such you will not be able to deal with the computer names as you do with AD Usernames. As the UserID Agent will not create an IP to User Mapping for the computer you will not be able to block traffic in the security policy, based on the computer name. If you have a particular subnet or static IP addresses that these computers come from, that may be the simplest way to block their specific traffic.

View solution in original post

Highlighted
L6 Presenter

Is UserID ignoring this for a particular reason or would a feature request through the local sales engineer change this behaviour?

Edit: In PANOS 5.0 if im not mistaken Globalprotect will have a similar feature where you in the security policy can choose "preauth-user" as userid (compared to todays known-user etc).

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!