We have a security rule that grant a certain app access to users based on AD group.
User complained that sometime they can access the app and sometime they cant.
Checked the firewall and found out that some of the traffics are logged under different user accounts, hence the right policy didnt get applied.
User is using OSX (mac) and has more than 2 exchange mailboxes connected to the outlook profile.
Is there a way to control this?
how is user-ID being performed?
is the second account a shared one that should not have individual access, you could add it to the user-ID ignore user list
does user part of AD group, if not captive portal will be an option
does the username show the same AD domain name or different
In this situation it may be better to remove the exchange servers from user-id monitoring but I don't know enough about how your user-id and environment set-up to see if that would be the best solution.
As always, I find the best way of doing user-id is using GlobalProtect. Not for the VPN side of it but for internal host detection as this will always identify the correct user and authenticated to the internal gateway on the firewall.
hope this helps,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!