This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

GP client connected to internal GW - no user attached to IP address

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

GP client connected to internal GW - no user attached to IP address

bsanders
L2 Linker

‎11-22-2013 01:05 AM

Hello all,

I was thinking that when a client is connected via GP to an internal Gateway, the user is mapped to the IP address of the client. In my case, that is not working. The zone in which the client resides has user-ID enabled, but still the traffic is not stamped with the user-ID.

Can someone help me troubleshooting?

Regards,

Stephan van der Plas

Labels:
3 REPLIES 3

kadak
L5 Sessionator

‎11-22-2013 08:37 AM

Hello Stephan van der Plas,

Under Global Protect Gateway > Client Configuration > Tunnel settings, have you selected Tunnel Mode> Tunnel Interface ? If yes, then User-ID should also be enabled on the zone where that the tunnel interface lies.

Also, is your user-ip mapping working for other zones? This is just to make sure that user-id itself is configured correctly.

Thanks and regards,
Kunal Adak

Phoenix
L4 Transporter

‎11-22-2013 08:45 AM

Hello Stephan van der Plas,


You can also look under zones to check "Enable User identification" for the zones to populate the usernames for the GP zone.


Thanks

mbutt
L5 Sessionator

‎11-25-2013 11:49 AM

Please verify the following

User identification is enabled on the GP zone

Capture.PNG.png

Verify GP is getting the user name

GlobalProtect Gateway: GP_ext (0 users)

Tunnel Name          : GP_ext-N

GlobalProtect Gateway: GP_gateway (1 users)

Tunnel Name          : GP_gateway

Domain-User Name : test1

        Computer                  : XXXXXXX

        Client                    :

        Private IP                : 0.0.0.0

        Public IP                 : 192.168.0.8

        ESP                       : none

        SSL                       : none

        Login Time                : Nov.24 18:21:12

        Logout/Expiration         : Dec.24 18:21:12

        TTL                       : 2529338

        Inactivity TTL            : 7776


If the above is present then verify if the mapping is showing.


admin@Numan-FW> show user ip-user-mapping ip 192.168.0.8

IP address:  192.168.0.8 (vsys1)

User:       test1

From:        GP

Idle Timeout: 7612s

Max. TTL:    7612s

Groups that the user belongs to (used in policy)

.

If any one this does not show up then there is something missing or not correct. You might have to open a case with support to verify the issue.

Regards,

Numan

  • 3494 Views
  • 3 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks