With the PAN agent, IP-to-user mapping is being realized, but I am facing the real-time behaviour of people having multiple logins to different IPs at the same moment.
The IP to user mapping only matches the latest logged in IP, and as such the user also logged in on the other device can no longer be mapped to the correct user.
Are you facing this at your customers or in your networks as well, and what would be the recommended solution?
In my opinion, when using LDAP, you can find several IPs (as being used by the user); this would be a way. But I see that in this LDAP, old IPs (no longer being used) are also still shown.
A workaround to take care of browser-based stuff would be to enable captive portal and set it to "ntlm auth" (in order to make it transparent for the user).
Note, however, that the PAN unit currently only caches the NTLM auth per IP (which means if you have one user per IP then you are safe, but not if you have several users per IP, like with terminal servers). I have been told that this (NTLM caching per IP) will most likely be fixed in upcoming versions (so it will be an option to cache per session instead, making it work with terminal servers similar to how Bluecoat does its user mapping).