User-ID and GlobalProtect User Access

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

User-ID and GlobalProtect User Access

L1 Bithead

Currently I have 2 HA'd 3020 on 8.0.0 code. I have SSL vpn setup using globalprotect with LDAP. Also having implemented User-id for policy access.

 

All this is working.

 

My problem is, when users access the network over globalprotect. Those users miss the rules created based on the "domain\user" and are only seen as "user". Now if the user accesses a server, service, drive, etc, the user will then have the correct "domain\user".  This then forcing the user to use the correct rule set. But if the users dont access any AD services, they will then be forced to a "non user id" rule.

 

Is there a way to append the "domain\" to globalprotect users?

 

Would it be better to just segement globalprotect users? This seems to double the work and a bit mundayne. 

 

 

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

 

Adjusting the Username Modifier in the authentication profile will correct this issue

 

auth username modifier.png

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

1 REPLY 1

Cyber Elite
Cyber Elite

 

Adjusting the Username Modifier in the authentication profile will correct this issue

 

auth username modifier.png

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 1 accepted solution
  • 2095 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!