11-22-2013 01:05 AM
Hello all,
I was thinking that when a client is connected via GP to an internal Gateway, the user is mapped to the IP address of the client. In my case, that is not working. The zone in which the client resides has user-ID enabled, but still the traffic is not stamped with the user-ID.
Can someone help me troubleshoot?
Regards,
Stephan van der Plas
11-22-2013 08:37 AM
Hello Stephan van der Plas,
Under Global Protect Gateway > Client Configuration > Tunnel settings, have you selected Tunnel Mode > Tunnel Interface? If yes, then User-ID should also be enabled on the zone where the tunnel interface lies.
Also, is your user-ip mapping working for other zones? This is just to make sure that user-id itself is configured correctly.
Thanks and regards,
Kunal Adak
11-22-2013 08:45 AM
Hello Stephan van der Plas,
You can also look under zones to check "Enable User identification" for the zones to populate the usernames for the GP zone.
Thanks
11-25-2013 11:49 AM
Please verify the following
User identification is enabled on the GP zone
Verify GP is getting the user name
GlobalProtect Gateway: GP_ext (0 users)
Tunnel Name : GP_ext-N
GlobalProtect Gateway: GP_gateway (1 users)
Tunnel Name : GP_gateway
Domain-User Name : test1
Computer : XXXXXXX
Client :
Private IP : 0.0.0.0
Public IP : 192.168.0.8
ESP : none
SSL : none
Login Time : Nov.24 18:21:12
Logout/Expiration : Dec.24 18:21:12
TTL : 2529338
Inactivity TTL : 7776
If the above is present then verify if the mapping is showing.
admin@Numan-FW> show user ip-user-mapping ip 192.168.0.8
IP address: 192.168.0.8 (vsys1)
User: test1
From: GP
Idle Timeout: 7612s
Max. TTL: 7612s
Groups that the user belongs to (used in policy)
.
If any one of these does not show up then there is something missing or not correct. You might have to open a case with support to verify the issue.
Regards,
Numan
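The cross-check described in the reply above, as an added example that is not part of the original post: it parses saved copies of the two CLI outputs and lists gateway users that have no matching IP-user mapping sourced from GP. The sample text is constructed in the layout quoted above (user test2 and 192.168.0.9 are made up), the function names are hypothetical, and choosing the Public IP when Private IP is 0.0.0.0 is an assumption based on the lookup shown in the post.

```python
import re

# Constructed sample text in the layout of the two CLI outputs quoted above.
GATEWAY_OUTPUT = """\
GlobalProtect Gateway: GP_ext (0 users)
GlobalProtect Gateway: GP_gateway (2 users)
Domain-User Name : test1
Private IP : 0.0.0.0
Public IP : 192.168.0.8
Domain-User Name : test2
Private IP : 0.0.0.0
Public IP : 192.168.0.9
"""
MAPPING_OUTPUT = """\
IP address: 192.168.0.8 (vsys1)
User: test1
From: GP
"""

def gateway_users(text):
    """Return [(user, ip)] per connected client in the gateway listing."""
    users = []
    for line in text.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key == "Domain-User Name":
            users.append({"user": value})
        elif users and key in ("Private IP", "Public IP"):
            users[-1][key] = value
    # Assumption: with Private IP 0.0.0.0 (no tunnel address) the mapping is
    # keyed on the Public IP, as in the lookup quoted in the post.
    return [(u["user"], u.get("Public IP") if u.get("Private IP", "0.0.0.0")
             == "0.0.0.0" else u["Private IP"]) for u in users]

def mappings(text):
    """Return {ip: (user, source)} from ip-user-mapping output."""
    pat = r"IP address:\s*(\S+).*?\n\s*User:\s*(\S+)\s*\n\s*From:\s*(\S+)"
    return {ip: (user, src) for ip, user, src in re.findall(pat, text)}

def unmapped(gateway_text, mapping_text):
    """Gateway users lacking a mapping for the same user sourced from GP."""
    known = mappings(mapping_text)
    return [(user, ip) for user, ip in gateway_users(gateway_text)
            if known.get(ip) != (user, "GP")]

if __name__ == "__main__":
    for user, ip in unmapped(GATEWAY_OUTPUT, MAPPING_OUTPUT):
        print(f"no GP-sourced mapping for {user} at {ip}")
```

Any user it reports is connected to the gateway but would not be matched by user-based policy, which is the symptom described in the original question.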