I need some advice for my next steps to solve the problem.
My problem: I got User ID mapping with Radius, and everything works fine.
But, when I create a policy for example (source IP XXXX for xxx users (VPN users) destination IP xxxx action deny, my policy not acting.
And when I initiate traffic from specific source IP, I am faced with different policy actions, for example, allowing any ->any.
Logically, when I have 2 policies, one is placed on the top(my deny rule), and 1st rule that would be applied must be denied, then allow.
I can give more details about the issue if needed.
The pan-OS version is 10.1.6 H-3, global protect version is 5.1.6. The firewall is PA-5250.
Thank you for your reply.
The problem is when I try to config block rule for a certain user (username), the policy not working correctly.
If I got one policy with deny rule for single(group) users and follow the rule with allow (any user), the traffic goes and mismatch with deny rule and goes through to allow one.
When you added username into block rule did you choose it from droppdown or did you type it in?
Maybe firewall sees user in different format (domain\user or user@domain format).
Assuming workstation IP is 188.8.131.52
Go to "Monitor > User-ID" and use filter "( ip in 184.108.40.206)"
Do you see same username identified by Palo as you have in the rule?
If you check traffic log "Monitor > Traffic" do sessions for blocked user have username filled in username column?
If this was not helpful then please add screenshots of your block rule and traffic log.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!