ignore users for IP subnet


L1 Bithead

Hi,

 

At the risk that this was already discussed, I have a question regarding ignoring users with User-ID.

 

I configured User-ID for our clients, also for the IT department.
In IT, we are also using admin accounts. So when I started a program in admin mode, the firewall registered this in the DCs. So my client gets the adm account linked with my client IP.

This is correct but annoying, because our admin accounts have no internet access. So I have to start a normal user login from my client, for example restarting Outlook.

 

My question is if it's possible to add entries in the ignore list in connection with IP subnets. So I can tell the PA to ignore admin logins for our clients in the IT department.

 

I did not find any possibility to configure it.

 

Thanks and best Regards

Oliver


Cyber Elite

Howdy Oliver.

 

I just wanted to acknowledge that I saw the post, but agree that I am not sure there is a way to filter out.

I do know that the FW is capable of not learning based on subnets (don't attempt to learn VoIP softphone subnet, as example), but as for not learning a specific user type. But you may want to focus in the Group Mapping section of UserID, to see if you can create a certain pattern that will be learned/associated with group mappings, and try to not have the admin accounts part of the pattern.

 

Then you may be able to do something.  It is a long shot, but wanted to give you some encouragement.  😛

Help the community: Like helpful comments and mark solutions

Hi Steve,

 

but I'm not sure if this would fit in our environment.

We want to include the admin accounts in the User-ID, e.g. for the servers and no internet access with the admin accounts on them.

 

But thanks for your hint, I will have a look at it 😉

 

Best regards

Oliver

Hello,

We encountered a similar issue. If you use Exchange for email using Outlook, have the User-ID agents use it instead of the DCs.

 

Regards,

 

Hi,

 

I already configured the Exchange servers to poll the user logons.

But in your suggestion, I have to configure only the Exchange servers and delete the DCs in the User-ID Agent configuration, right?

 

Regards

Hello,

That is correct, you have to stop monitoring the DCs for it to work as I have described.

 

Regards,
