Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
07-18-2012 01:18 AM
Hi everybody,
I'm trying to implement user identification via active directory on PA-200. I've added the AD server under Device -> LDAP and added group mapping under Device -> User Identification.Now I guess I need to install user-ID agent on a local machine but I can't find a download link for this app.
Is it possible to implement user identification without this user-id agent?
Can anyone provide a simple guide for this whole process? I'm using few documents but wasn't able to find a single document that explains this procedure from start to end on a simple example.
Regards,
Damir
07-18-2012 02:48 AM
Hi Damir
I'm not much help, as I'm trying to figure this out too. But I did find the User ID Agent software here;
07-18-2012 10:25 AM
Damir,
You need the agent to get ip to user mapping. You can download the agent from the support portal:
This document walks you through the installation procedure for the PANOS 4.1.
https://live.paloaltonetworks.com/docs/DOC-2132
Thanks,
Sri
07-18-2012 10:54 AM
Don't forget to enable user identification on your trusted zone. I missed that tick box, and spent over an hour trying to figure out why it wasn't working.
07-18-2012 11:10 AM
Thanks Shaun, I'll try it with this guide, it's actually what I was looking for...
07-19-2012 12:17 AM
OK, this was the first step, now I need to configure the User-ID Agent and PA Firewall.
I have configured an User-id agent under Device -> User Identification -> User-ID Agents but its Connected Status is Red. And yes, I have enabled user identification on the trusted zone.
Another interesting thing is that I can't see any logs on the User-ID Agent. I see all users that are active one the network under the Monitoring option but no logs.
Solution:
It looks like I forgot to add the PA-200 to the list of allowed devices to access the User-ID agent. Now it works fine as far as I can see.
Regards,
Damir
Message was edited by: Damir Porobic
04-19-2013 08:33 AM
THIS ^. I did not know that checkbox was there under the zone config. Would have been here all day...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
