Blocking unknown devices that are not within the domain

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Blocking unknown devices that are not within the domain

L0 Member

Hello everyone,

I am a Palo Alto PA-450 user. In our organization, we removed around 20 computers from the domain due to their outdated versions. However, these computers continue to log in using the credentials of the last user who logged in while they were still in the domain. This is not a major issue for us. The problem is that these computers are still accessing the internet. When we investigate using Putty, these devices appear as 'unknown' and are obtaining IP addresses. Is it possible to create a rule in our firewall's policies section to allow only computers within the domain to access the internet?

 

"I used ChatGPT for translations as English is not my native language. I apologize if my sentences are unclear."

 

 

 

2 REPLIES 2

Cyber Elite
Cyber Elite

the IoT addon license allows you to fetch all your device serials from (among others) Entra ID and apply security based on the device serial

you can also make DHCP exceptions for the mac addresses of the allowed/decommissioned devices and prevent the outdated devices from joining the network

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Cyber Elite
Cyber Elite

Hello,

If you have user-id setup, you can create security policies that allow internet access only if the user-id is of a matching domain user. Also set the user-id to a lifetime of like 45 minutes.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5bCAC

 

Regards,

  • 307 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!