User-ID rule to bypass HIP check not matching.


L1 Bithead

Hi all,


I have a rule to allow certain GlobalProtect users DNS and RDP traffic by matching the user-id. However, even though it looks like the traffic should match, when I view the traffic log it's not?! For some users the rule works fine, but for others it doesn't match and I can't work it out.


Any help would be greatly appreciated 🙂




Hi, thanks for your response. I have checked my logs but I have not found a DENY rule.


I only see that the user's match changes to another rule, but it is an allow rule.



L3 Networker

Hi,


Are they using RDP with the same account as the GP login username?

Have you defined AD groups in the ACL?


Which username is not matching for RDP and DNS, and have you compared that to the login username?

I had the same issue and I deleted the source user AD group because I had users like domain\bob and the RDP was done by domain\admbob. 


