- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
05-03-2012 02:53 PM
Hello,
I have simple request: created access rule based by group.(and this part looks clear and working to me). Problem that i can make User-IP mapping to work correctly. With desktops i do not see any issues because their users do not change mostly at all. Major problem is with laptops. Users migrates between meeting rooms, use wifi and comes back to work place. IP may change in an hour about 4 times. how to make palo to give access according group if i see that even first level ip-mapping is not working. Or how to make IP-mapping to work correctly?
Another thing on any commit , looks like internet and user identification (ip-maping) is also temporary lost
thanks.
05-07-2012 02:51 PM
If you have laptop users that change IP more frequently than the timeout values, you may want to enable some kind of probing eg, NETBIOS or WMI probing which checks the user @ IP w.x.y.z every 20 min etc.
05-08-2012 09:44 AM
Hello,
If it is just for internet access, I would suggest you use Captive portal with NTLM authentication.
If it's for internal filtering (like datacenter secured resource access) and you have a large network, ActiveDirectory and people switch from wifi to wired network frequently then only GlobalProtect can bring you 100% success . AD log monitoring has many drawbacks and wll work for 95% of people, but yet it means 5% of your users will open tickets everyday because they can't access a resource.
05-08-2012 12:35 PM
About WMI: Yes this is the one but not the best solution. I will try to do it with 10 minutes interval.
About Captive portal: I think it wont work for ftp users.
thanks. hoping to make palo working correctly.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!