I am running into an issue with GlobalProtect users due to remoting into other machines with other credentials. I have read extensive articles about the issue and understand that the firewall can only map one user name to an IP. That appears to be exactly what is happening. A user logs in and has internal connectivity, then logs into an RDP session. After logout that user has no connectivity due to the mapping being retained to the admin or service account. From what I gather, I need to exclude those accounts from user mapping.

My uncertainty is in our setup. Our internal firewall has a server monitoring setup with all the remote DCs showing connected (Device / User Identification / User Mapping tab / Server Monitoring). Each remote firewall, under the Device / User Identification / User-ID Agents tab, has a mapping to the internal firewall. What I am looking for clarification on is whether I need to create the ignore user list on the internal firewall or on each individual firewall. I would assume it would be the internal firewall, but I am not 100 percent sure on this. Any help would be appreciated.
You would just need this on your internal firewall if you have your remote DCs set up through redistribution. You might want to think through all the ramifications of just blanket ignoring these accounts on the firewall, however. You won't have these accounts to use in your rulebase or your logs anymore at all, so if they are being used anywhere in your rulebase to limit/allow traffic in other rules, you'll have to take another look at that.
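The caveat in the reply above is worth checking before committing: once an account is on the Ignore User List, any rule that names it in its source-user field silently stops matching that account. As an added example (not from this thread and not Palo Alto Networks code), the script below scans an exported PAN-OS running config for every rule, in any rulebase, whose source-user members include one of the accounts you are about to ignore. The sample config is constructed and trimmed to the relevant elements; the assumed XML path is `rulebase/<type>/rules/entry/source-user/member`, and the account names are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a PAN-OS running-config export, trimmed to the
# rulebase. A real export carries far more (zones, addresses, actions, ...)
# but keeps the same rulebase/<type>/rules/entry/source-user/member layout
# (assumed here).
SAMPLE_CONFIG = r"""
<config>
  <devices>
    <entry name="localhost.localdomain">
      <vsys>
        <entry name="vsys1">
          <rulebase>
            <security>
              <rules>
                <entry name="allow-gp-users-internal">
                  <source-user><member>corp\gp-users</member></source-user>
                </entry>
                <entry name="allow-admins-rdp">
                  <source-user>
                    <member>corp\adm-jsmith</member>
                    <member>corp\svc-rdp</member>
                  </source-user>
                </entry>
                <entry name="allow-any">
                  <source-user><member>any</member></source-user>
                </entry>
              </rules>
            </security>
            <decryption>
              <rules>
                <entry name="no-decrypt-svc">
                  <source-user><member>CORP\svc-rdp</member></source-user>
                </entry>
              </rules>
            </decryption>
          </rulebase>
        </entry>
      </vsys>
    </entry>
  </devices>
</config>
"""

# Placeholder accounts that would go on the Ignore User List: the admin
# and service accounts used for RDP hops.
IGNORE_USERS = [r"corp\svc-rdp", r"corp\adm-jsmith"]


def rules_referencing_users(config_xml, ignored_users):
    """Return {(rulebase_type, rule_name): [matched members]} for every rule
    whose source-user list names an account that is about to be ignored.

    Matching is case-insensitive on the full domain\\user string, which is a
    simplification: it will not catch group memberships, only direct
    references.
    """
    wanted = {u.lower() for u in ignored_users}
    root = ET.fromstring(config_xml)
    hits = {}
    for rulebase in root.iterfind(".//rulebase"):
        for kind in rulebase:  # security, decryption, authentication, pbf, ...
            for rule in kind.iterfind("./rules/entry"):
                members = [m.text or "" for m in rule.iterfind("./source-user/member")]
                matched = sorted(m for m in members if m.lower() in wanted)
                if matched:
                    hits[(kind.tag, rule.get("name"))] = matched
    return hits


if __name__ == "__main__":
    # Typical use: save the running config (e.g. from the web UI or the
    # XML API) and pass its contents in place of SAMPLE_CONFIG.
    for (kind, name), members in rules_referencing_users(SAMPLE_CONFIG, IGNORE_USERS).items():
        print(f"{kind} rule '{name}' references: {', '.join(members)}")
```

Any rule the script reports needs a second look before the accounts are added to the ignore list on the internal firewall: either rewrite it to match by group, address or zone instead, or accept that those sessions will now evaluate as unknown-user traffic. Rules that only reference `any` or a group are not flagged, so group-based rules that happen to include these accounts still need a manual check.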