I have sometimes a problem with the user identification on the PA500. Our Users can only browse the internet with your AD-User. Sometime the User is lost on the PA. The User "nt-autorität\anonymous-anmeldung" is used? Why? How can I find a solution?
Solved! Go to Solution.
You should exclude this user from user id by adding him to the ignore user list.
As far as I know, this user is for anonymous accessing e.g. printers or shares if configured.
Do you receive user-id updates only by using the integrated agent or are there other sources as well?
I assume you can see this user-mapping in current traffic logs? Are these current sessions or older ones?
Can you see the user by querying "show user ip-user-mapping all" on your FW?
We have installed the Palo Agents on our Active Directory Controller.
Yes, the User is switching automatically from userid into nt\authority... in the current traffic log.
How can I do the command?
Alright, there is the problem.
The setting in the web UI is only for the agentless User-ID (FW polls DCs directly).
You need to define the ignore-users on the user-id agent on your ADC by creating a file
the ignore list needs to be on the agent on the AD controller, adding the ignore user list on the firewall may only exclude it from locally learned user-ID
you'll need to add "ignore_user_list.txt" in the User-ID install directory, then add the name to the text file
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!