Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
08-02-2019 12:06 PM
I have PAN UID agent mapping IP-to-usernames. It works like a gem for internal users but not on the DMZ which allows company phones with their AD creds. I am not seeing any usernames for these users although they authenticate against AD server. has anyone experienced this before? Please provide me your inputs.
TIA
08-02-2019 01:36 PM
Hello,
Have you enabled User-ID on that zone?
Regards,
08-02-2019 02:04 PM
Hello,
Does the User-ID agent look at the authentication source for the mapping?
Regards,
08-04-2019 07:34 PM
How exactly are you authroizing those users on the controller, through RADIUS? That won't show up if you are using standard AD event log reading by default.
08-05-2019 05:34 AM
we are authenticating against AD. Yes, Firewall is pointing to that AD server.
08-05-2019 07:23 AM
I'd be careful with user-id in your DMZ zone. If you have rules that allow too much access you could potentially be exposing your user IDs to the public.
https://www.theregister.co.uk/2014/10/21/palo_alto_customers_spray_net_with_firewall_creds/
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClXHCA0
08-05-2019 07:30 AM
@Brandon_Wertz yes, I do have wmi probing disabled. this is a trusted devices dmz.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
