11-25-2021 04:38 AM
Hello I have several questions to ask you about the user ID.
1)We say that the LDAP does not map between the ip and the user, so who does the mapping between the ip and the user name?
2) then, when we configure the mapping of group. I do not understand the mapping of group in what it consists? To associate the name of the user and his ip or to associate a name to a group?
Because we talk about "group mapping" and not "IP mapping".
11-25-2021 05:10 AM - edited 11-25-2021 05:11 AM
Hi @Sarou22 ,
- the firewall provide several methods to map IPs to user, one of them is server Monitoring which allow the firewall to monitor AD servers for users authentication, so the firewall can do that among other methods as well.
for more info check this out: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-ip-addresses-to-users.html#id6...
- About group to user mapping also the firewall itself will do that, when it is configured, under Device>User Idenetification.
11-25-2021 06:06 AM
Hello, thank you for the answer.
But I don't understand why we talk about group to user mapping because the firewall maps a user to its IP?
Exemple
User id : John
IP: 192.168.1.1
It's not group to user mapping, isn't it?
11-25-2021 07:18 AM
for example in a Security policy, to be able to control traffic of a certain user you will need IPs to User mapping. And if you want to control traffic of a certain group you will need IPs to User mapping & users to group mapping.
11-29-2021 12:01 PM
So
Exemple :
Group : John ( 1 person)
Now i don't need group mapping because there IS only one person isn't it ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!