11-10-2010 06:22 AM
This should be an easy one. Just looking for confirmation.
The only way to get user information in traffic/url/threat logs is to a) use the PAN User Agent to query AD/WMI or b) setup a caputive portal. Is this correct?
We have a WPA2 wireless network available for students on campus. They authenticate via 802.1x to a RADIUS server to access it. They use personal computers. If I wanted to get user data here, I'd have to setup a captive portal?
Thanks!
11-11-2010 09:36 AM
You will need to be using either the Pan-Agent or the TS_agent as applicable. Have your Zone setup to enable User Identification on the zone/zones you will want to monitor this way and then your logs will reflect user based traffic.
11-11-2010 10:42 AM
Hello
Yes Captive Portal is probably the way forward. The Palo Alto agents (AD/LDAP/TS) require, one-way-or-another, a domain account, and a login event to that account, which I'm guessing they don't have.
All the best,
Will
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
