I am new to Palo jsut going Live with a unit. I am seeing when users move from desk to desk and do not log out but login again at the second station their filtering does not function. They are either filtered as per the last login previously at the station (though that might be a user again also logged in somewhere else) OR they get no filtering and basically can do what they want. This seems to be an issue we me testing changes to Palo as I use certain levels of users logons (though they are working in another part of the office) and the filtering does not produce results I expect - toough to troubleshoot. AND of course this is obviously a security issue. I see posts in here as far back as 2010 asking and reporting the same things I have here - is there a resolution to this?
User-ID is really something that needs to be designed for the environment that you are in, and as such there really isn't a 'one size fits all' guide we can point you towards. If you describe your environment a bit we could likely advise you on directions to take, sources to monitor, settings to modifiy and the such. Sadly a lot of people configure user-id settings using default settings and that's not always going to work depending on the environment.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The Live Community thanks you for your participation!