User ID agent / User-IP-Mapping issue

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

User ID agent / User-IP-Mapping issue

L1 Bithead

Hello,

I have simple request: created access rule based by group.(and this part looks clear and working to me). Problem that i can make User-IP mapping to work correctly. With desktops i do not see any issues because their users do not change mostly at all. Major problem is with laptops. Users migrates between meeting rooms, use wifi and comes back to work place. IP may change in an hour about 4 times. how to make palo to give access according group if i see that even first level ip-mapping is not working. Or how to make IP-mapping to work correctly?

Another thing on any commit , looks like internet and user identification (ip-maping) is also temporary lost

thanks.

3 REPLIES 3

L4 Transporter

If you have laptop users that change IP more frequently than the timeout values, you may want to enable some kind of probing eg, NETBIOS or WMI probing which checks the user @ IP w.x.y.z every 20 min etc.

Hello,

If it is just for internet access, I would suggest you use Captive portal with NTLM authentication.

If it's for internal filtering (like datacenter secured resource access) and you have a large network, ActiveDirectory and people switch from wifi to wired network frequently then only GlobalProtect can bring you 100% success . AD log monitoring has many drawbacks and wll work for 95% of people, but yet it means 5% of your users will open tickets everyday because they can't access a resource.

About WMI: Yes this is the one but not the best solution.  I will try to do it with 10 minutes interval.

About Captive portal: I think it wont work for ftp users.

thanks. hoping to make palo working correctly.

  • 2223 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!