PA Traffic is logged under different users other than the logged in user

Reply
Highlighted
L2 Linker

PA Traffic is logged under different users other than the logged in user

Hi guys,

 

We have a security rule that grant a certain app access to users based on AD group.

 

User complained that sometime they can access the app and sometime they cant.

 

Checked the firewall and found out that some of the traffics are logged under different user accounts, hence the right policy didnt get applied.

 

User is using OSX (mac) and has more than 2 exchange mailboxes connected to the outlook profile.

 

Is there a way to control this?

 

Thanks

2017-08-22_13-44-18.png

 

Highlighted
L7 Applicator

Re: PA Traffic is logged under different users other than the logged in user

how is user-ID being performed?

is the second account a shared one that should not have individual access, you could add it to the user-ID ignore user list

reaper - PANgurus.com
I drink and I know things
Highlighted
L4 Transporter

Re: PA Traffic is logged under different users other than the logged in user

does user part of AD group, if not captive portal will be an option

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
Highlighted
L4 Transporter

Re: PA Traffic is logged under different users other than the logged in user

 does the username show the same AD domain name or different 

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
Highlighted
L4 Transporter

Re: PA Traffic is logged under different users other than the logged in user

Hi Esutedy,

 

In this situation it may be better to remove the exchange servers from user-id monitoring but I don't know enough about how your user-id and environment set-up to see if that would be the best solution.

 

As always, I find the best way of doing user-id is using GlobalProtect. Not for the VPN side of it but for internal host detection as this will always identify the correct user and authenticated to the internal gateway on the firewall.

 

hope this helps,

Ben

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!