01-30-2021 12:39 AM
As per the below mention snap-shot, we observed user id get changed with AD user and we have allowed the internet access to local user id which is configured in Palo Alto. Due to issue user facing internet issue.
We have not configure this user in AD domain, then how user id gets change in the Palo Alto automatically ?
While authenticating via AD traffic is going via cleanup rule.
What should be done, so traffic will authenticate locally?
01-31-2021 03:15 PM
my first guess would be that you have probing enabled on the user-id agent.
if the firewall receives a connection from an IP in a user-id enabled zone for which there is no mapping, it will query the user-id agent
if the agent has no mapping and probing is enabled, it will poll the machine for the 'logged in' credentials and feed those to the firewall if the machine replies
this seems the most likely reason why you're seeing a username you don't have in your ID (its what the machine tells the probe)
01-31-2021 03:15 PM
my first guess would be that you have probing enabled on the user-id agent.
if the firewall receives a connection from an IP in a user-id enabled zone for which there is no mapping, it will query the user-id agent
if the agent has no mapping and probing is enabled, it will poll the machine for the 'logged in' credentials and feed those to the firewall if the machine replies
this seems the most likely reason why you're seeing a username you don't have in your ID (its what the machine tells the probe)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
