This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

How to track user ip changes while using the UIA PAN agent?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to track user ip changes while using the UIA PAN agent?

asia
L3 Networker

‎03-15-2010 08:48 AM

Hello,

I'am using the PAN agent with AD to indentifie users, and i noticed that whene users chage there ip adresses (going on wifi or vpn...) the agent is not able to establish the new mapping. Is there any solution to this issue. Is there any évolution of the agent in the 3.1 version of PAN-OS. And if it will be some solutions, is it working for linux users?

Thank you in advance.

Asia.

0 Likes Likes
4 REPLIES 4

swhyte
L4 Transporter

‎03-15-2010 02:19 PM

Hi Asia,

when users use vpn or wi fy, there is actually a radius request made to AD rather than rather than a logon even that the Paloalto user id logs. That is why the user id does not pick up the change. Currently there isn't a future plan for this. Also, currently the only solution we have for linux users is captive portal. In 3.1, there may be a plan for a static mapping on the Paloalto device for non AD users.

thanks,

asia
L3 Networker
In response to swhyte

‎03-16-2010 04:10 AM

Thank you swhyte :smileyplain:.

0 Likes Likes

fw_admin
Not applicable
In response to swhyte

‎03-16-2010 06:24 AM

Hi,

In our network, we could have a similar problem. We have users in Active Directory, but the access method could be different. That means that one user could be logged in his corporate PC with an IP address (internal) at 9:00 a.m. and after this, could be logged from his tablet-PC or a PDA via UMTS which another IP at 11:00 a.m.

The user in A.D. will be the same, but the associated IP will be different and the PanAgent should be capable of detecting this change.

Is this your issue?

Regards,

0 Likes Likes

asia
L3 Networker
In response to fw_admin

‎03-16-2010 06:48 AM

Hi fw-admin,

Not exactly, whene the user logs in from différent locations he is always seen by the agent. My issue is whene the user disconnect his pc from the network without loosing his windows session and re-connect from another location (différent subnet, wifi or vpn...), because this kind of action dont request AD login to function, the new user-IP mapping is not detected by the agent. So i'am trying to find a solution, may be an AD events or a connection wich trigger the mapping establishment on the agent.

Regards Smiley Wink

0 Likes Likes
  • 3665 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks