Can we possible to restrict another user log-in to GP using same USER-ID at the same time?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can we possible to restrict another user log-in to GP using same USER-ID at the same time?

L3 Networker

Hello Guys.

I have a question about GlobalProtect.

While a user is logged inn and running to GlobalProtect Gateway, Another user possible to log in to GlobalProtect Gateway with same USER-ID at the same time. I want to restrict that log-in to GP GW using same USER-ID at the same time. Can I possible to install with above things for a GP?

Thanks.

Regards.

Roh

1 accepted solution

Accepted Solutions

L5 Sessionator

Hi Roh,

For me, not possible in the palo. In Ad you can associate one user to one laptop then limit simultaneous connexion.

Else there is third party product like:

http://www.isdecisions.com/products/userlock/

RES Software | Enterprise IT Services Made Easy

or using script like here: Logon Script 7

Hope help.

V.

View solution in original post

3 REPLIES 3

L5 Sessionator

Hi Roh,

For me, not possible in the palo. In Ad you can associate one user to one laptop then limit simultaneous connexion.

Else there is third party product like:

http://www.isdecisions.com/products/userlock/

RES Software | Enterprise IT Services Made Easy

or using script like here: Logon Script 7

Hope help.

V.

L4 Transporter

Hello Roh,

I go with Vince too. Pan would allow more than one IP with the same User_ID. This is practical that a single user can login through Phone / laptop / pc and so on.

But on the PAN if we have security rules configured with usernames then all the IPs belonging to that username would be permitted. Thought of using the HIP profile feature but where we can restrict or allow users based on hostname or OS types and so on but that would be complex where we do not know which device first logged in and deny the second log on by identifying through HIP method.

Thanks

Not applicable

Hello,

It's an old thread, sorry, but I also need this kind of feature: avoid using a same account (login/pass) simulteanously on several machines.

All I found in the KB seems to give the same answer : it's not possible.

And  after a while, I'm wondering if setting a profile with an assignement of only 1 IP address could be a workaround ???

Don't know yet if it works, but I will probably try it this week.

If someone has a thought on that, you're welcome to participate...

a+

  • 1 accepted solution
  • 3992 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!