01-27-2014 11:22 PM
How does PA decide on user IDs? For example, if I have an IP whose user was mapped from UIA, and then a security log in AD maps this IP to another user?
Or a user that logs in with GlobalProtect through the local DB, and then authenticates to AD, and the PA gets a new mapping from the agent?
Thanks
01-28-2014 07:55 AM
Please go through this document to understand how User-Identification works: User Identification Tech Note - PAN-OS 4.0
Thanks
01-29-2014 09:49 AM
Yes, I know how it works, but I have a GP user and sometimes the user is changed and sometimes it is not.
I mean changed from GP to AD, only sometimes after a user logs in to an RDP server. Or does the UID service just update the IP-user-mapping regardless of the current mapping source?
IP address: x.x.x.x (vsys1)
User: domain\user
From: AD
Idle Timeout: 2692s
Max. TTL: 2689s
Groups that the user belongs to (used in policy)
Group(s):
admin@PA(active)> show user ip-user-mapping ip x.x.x.x
IP address: x.x.x.x (vsys1)
User: domain\user
From: GP
Idle Timeout: 17889s
Max. TTL: 17889s
Groups that the user belongs to (used in policy)
Group(s):
01-29-2014 11:56 AM
So an IP gets identified as being mapped from GP and the very same IP changes the source to AD; is that the issue? Please let us know. The IP pool given to your GP users is different from your internal users, right?
01-31-2014 02:47 AM
Yes, and the zone of the GP user is different.
I have read that the mapping of the user to the IP of a GP user is bound to the connection of the client to the GW, so as soon as the user logs in/out the mapping is created and removed.
Can I remove the UID from the zone or exclude the mapping on the GP pool? Has anyone tried that?