We have a need to identify user machines associated with a domain. Specifically, we want to create security policies based upon domain membership. Is that even possible, and how would we achieve this functionality?
So basically, just use the User-ID agent as usual...
When creating a security policy, under Source User, append the $ sign at the end (i.e. mydomain\computername$).
But what if we do not want to list every single computer, just filter on the domain? As far as I know, there is no wildcard for this; you cannot enter mydomain\*$.
You can create a user group in your AD server, which will include all domain users, and map it under Device >> User Identification >> Group Mapping. After that, you can refer to that group in the security policy.
I feel like the message is not really getting through...
I am not asking about identification of users (humans); I'm asking about identifying computers (machines) that are domain members. I would like to have one set of policies applied for all COMPUTERS that are members and a different set for non-domain COMPUTERS (for example, guests on the network).
Are you trying to map IPs to both users and computers, so that if it is the computer making the request, it shows up as the computer account instead of the user that was last logged in/cached on that IP? Just trying to help clarify, so I don't actually have an answer for the question, but this is what I understood from your original question.
Yes, that is what I'm trying to do! I am not interested in the logged-in user, just the computer (and they are NOT terminals).
I know it sounds silly, but customers are silly sometimes....
One way to identify whether a PC is domain or non-domain is to make use of HIP profiles and use the HIP profile in the security policy. To get the HIP report, you will have to configure GlobalProtect for an internal gateway. You will need a GlobalProtect portal license for internal gateways.
https://live.paloaltonetworks.com/docs/DOC-3930 - How to Configure Internal GlobalProtect Only
https://live.paloaltonetworks.com/docs/DOC-6066 - Configuring HIP Profiles to Use in Security Policies
HIP has nothing to do with the request. What he is looking to do is to differentiate traffic that is initiated by the SYSTEM account, and other non-user accounts, from traffic that is initiated by user accounts. This way he can have a policy that says "group of computers" can access APP, but the user-initiated traffic doesn't necessarily have to be allowed to do that.
It's one thing to associate a user to an IP, which is what is currently done. What he is looking for is to associate TRAFFIC to a user.
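An added example (not from any poster, and not Palo Alto Networks code) of the mechanism discussed above: given IP-to-principal mappings from User-ID, the trailing "$" marks a computer account, so the mappings can be split into domain computers, foreign-domain computers, human users and unmapped (guest) addresses, and the explicit mydomain\computername$ entries a policy needs can be listed. The mapping lines, the domain name "mydomain" and the classification labels are constructed for this example; as the thread notes, a mapping tells you which principal is on an IP, not which account initiated a given flow.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of IP-to-principal mappings, in the shape the thread
# describes: computer accounts end in "$", human accounts do not, and an
# address with no mapping (a guest machine) reports "unknown".
SAMPLE_MAPPINGS = [
    ("10.1.1.10", r"mydomain\pc-finance01$"),
    ("10.1.1.11", r"MYDOMAIN\alice"),        # a user logged on at a domain PC
    ("10.1.1.12", r"mydomain\pc-hr07$"),
    ("10.1.1.13", r"otherdomain\laptop22$"),  # computer account, other domain
    ("10.1.1.14", "unknown"),                 # no mapping at all: treat as guest
]

# DOMAIN\name$ : the name may not contain a backslash; the "$" must be last.
COMPUTER_RE = re.compile(r"^(?P<domain>[^\\]+)\\(?P<name>[^\\]+)\$$")


def classify(principal: str, domain: str) -> str:
    """Label one principal relative to the domain whose members get the policy."""
    if not principal or principal.lower() == "unknown":
        return "unmapped"
    m = COMPUTER_RE.match(principal)
    if m is None:
        return "user"  # a human account; the computer behind it is not visible here
    if m.group("domain").lower() == domain.lower():
        return "domain-computer"
    return "foreign-computer"


def split_by_membership(mappings, domain: str) -> dict:
    """Group IPs by classification so each bucket can feed a different policy."""
    buckets = defaultdict(list)
    for ip, principal in mappings:
        ipaddress.ip_address(ip)  # reject malformed addresses early
        buckets[classify(principal, domain)].append(ip)
    return dict(buckets)


def source_user_entries(mappings, domain: str) -> list:
    """Explicit DOMAIN\\host$ values, since the thread notes there is no wildcard."""
    return sorted({p.lower() for _, p in mappings
                   if classify(p, domain) == "domain-computer"})


if __name__ == "__main__":
    for label, ips in split_by_membership(SAMPLE_MAPPINGS, "mydomain").items():
        print(f"{label:17} {', '.join(ips)}")
    print("source-user entries:", source_user_entries(SAMPLE_MAPPINGS, "mydomain"))
```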