I was thinking that when a client is connected via GP to an internal Gateway, the user is mapped to the IP address of the client. In my case, that is not working. The zone in which the client resides has user-ID enabled, but still the traffic is not stamped with the user-ID.
Can someone help me troubleshoot?
Stephan van der Plas
Hello Stephan van der Plas,
Under Global Protect Gateway > Client Configuration > Tunnel settings, have you selected Tunnel Mode > Tunnel Interface? If yes, then User-ID should also be enabled on the zone where the tunnel interface lies.
Also, is your user-ip mapping working for other zones? This is just to make sure that user-id itself is configured correctly.
Thanks and regards,
Please verify the following:
User identification is enabled on the GP zone
Verify GP is getting the user name
GlobalProtect Gateway: GP_ext (0 users)
Tunnel Name : GP_ext-N
GlobalProtect Gateway: GP_gateway (1 users)
Tunnel Name : GP_gateway
Domain-User Name : test1
Computer : XXXXXXX
Private IP : 0.0.0.0
Public IP : 192.168.0.8
ESP : none
SSL : none
Login Time : Nov.24 18:21:12
Logout/Expiration : Dec.24 18:21:12
TTL : 2529338
Inactivity TTL : 7776
If the above is present then verify if the mapping is showing.
admin@Numan-FW> show user ip-user-mapping ip 192.168.0.8
IP address: 192.168.0.8 (vsys1)
Idle Timeout: 7612s
Max. TTL: 7612s
Groups that the user belongs to (used in policy)
If any one of these does not show up, then there is something missing or not correct. You might have to open a case with support to verify the issue.