This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

ignore users for IP subnet

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

ignore users for IP subnet

OliverGreimers
L1 Bithead

‎09-10-2019 07:14 AM

Hi,

 

with the risk that this was already discussed, I have a question regarding ignore users with User-ID.

 

I configured User-ID for our clients, also for the IT department.
In the IT, we also using admin accounts. So when I started a programm in admin mode, the firewall registered this in the DCs. So my client gets the adm account linked with my client IP.

This is correct but annoying, because our admin accounts have no internet access. So I have to start a normal user login from my client, for example restarting Outlook.

 

My question is if it's possible to add entries in the ignore list in connection with IP subnets. So I can tell the PA to ignore admin logins for our clients in the IT department.

 

I did not found any possibility to configure it.

 

Thanks and best Regards

Oliver

0 Likes Likes
5 REPLIES 5

S.Cantwell
Cyber Elite
Cyber Elite

‎09-10-2019 08:26 AM

Howdy Oliver.

 

I just wanted to acknowledge that I saw the post, but agree that I am not sure there is a way to filter out.

I do know that the FW is capable of not learning based on subnets (dont attempt to learn VoIP softphone subnet, as example), but as for not learning a specific user type.  But you may want to focus in the Group Mapping section of UserID, to see if you can create a certain pattern that will be learned/associated with group mappings, and try to not have the admin accounts part of the pattern.

 

Then you may be able to do something.  It is a long shot, but wanted to give you some encouragement.  😛

Help the community: Like helpful comments and mark solutions

OliverGreimers
L1 Bithead
In response to S.Cantwell

‎09-10-2019 10:53 PM

Hi Steve,

 

but I'm not sure if this would fit in our environment.

We want to include the admin accounts in the user-id, e.g. for the servers and no internetaccess with the admin accounts on them.

 

But thanks for your hint, I will have a look at it 😉

 

Best regards

Oliver

0 Likes Likes

OtakarKlier
Cyber Elite
Cyber Elite
In response to OliverGreimers

‎09-11-2019 09:18 AM

Hello,

We encountered a similar issue. I you use Exchange for email using Outlook. Have the User-ID agents use it instead of the DC's.

 

Regards,

 

0 Likes Likes

OliverGreimers
L1 Bithead
In response to OtakarKlier

‎09-12-2019 12:11 AM

Hi,

 

I already configured the Exchange servers to poll the user logons.

But in your suggestion, I have to configure only the Exchange servers and delete the DCs in the User-ID Agent configuration, right?

 

Regards

0 Likes Likes

OtakarKlier
Cyber Elite
Cyber Elite
In response to OliverGreimers

‎09-12-2019 07:17 AM

Hello,

That is correct, you have to stop monitoring the DC's for it to work as I have described.

 

Regards,

  • 3958 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks