How are you guys managing the "runas" command alongside user-id. In our test environment, I'm finding with the user-id windows agent, you get the last login event from the domain controller, with the new "runas" user. Once that times out- no more internet access to the original user, unless you generate an authentication event to the domain controller again. However, with global protect, if I "runas" a new user- globalprotect (internal only- no tunnel) will NOT update the firewall with the latest user for that program, so the "runas" user, has the rights that the initial user has, per the firewall "show user ip user mapping". Have you locked this down through other means, such as group policy-etc? Any insights into this? I'm guessing there is no priority order for a user-id agent vs. global protect agent? The firewalls user ip user mapping only appears to care about the last login/network interface change that it's seen?
Regular users don't run runas usually.
If this is concern then GlobalProtect will overcome this issue as user is identified by account who's credentials were used to log into vpn.
If user knows credentials of other users then (s)he can update GlobalProtect login and still gain access to resources of other person.
I'm guessing there is no priority order for a user-id agent vs. global protect agent? The firewalls user ip user mapping only appears to care about the last login/network interface change that it's seen?
Correct, it's the most recent update source.
Like @Raido_Rattameister posted, I think if we understand more about what you're trying to accomplish we can more accurate info on what we've seen work.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!