User IP-user-mapping incorrect

L3 Networker

(PA3000 series FW running 6.0.2) Getting users being blocked by the captive portal from a local service account running on their machine. The only way around it is to disable the service and/or account and then flush the user-to-IP mapping cache. Any way to eliminate this? It has been added to the "ignore list" text file on the server running PAN agents; however, it's a local account so it's not working.

14 REPLIES

L7 Applicator

I believe the exclude list for the subnet will do what you want here and ignore this user account.

How the User-ID Agent Include/Exclude List Works

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

L3 Networker

I don't want to exclude an entire subnet. It's happening on all subnets with 1 particular local account.

L4 Transporter

Is this account used on more than one computer? Why is it local?

Do you use AD integration or not? In which model: agent or agentless?

With regards

Slawek

Sorry I misunderstood.

This is the document for adding user accounts to the ignore list.

How to Add/Delete Users from Ignore User List using Agentless User-ID

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

This account is on every computer. It automatically gets created and is running a particular Citrix service after installing Citrix Receiver (for our Citrix environment).

Yes, we use AD but it's a local acct. Agentless.

L3 Networker

What do you mean by "blocked by captive portal"? The captive portal should only be shown if the user is unknown. If there is already a user mapping, the captive portal rule should not match. Even local accounts should be possible to ignore. Is there a user mapping for the IP if the client is blocked?

L3 Networker

Web Page Blocked

User: ComputerName\__vmware_user__

URL: www.google.com/

Category: block-list

In accordance with company policies, this website has been blocked.

If access to this site is required for Business Usage, then please submit a support request.

**it is being blocked by a local account that does not have or should not have Internet access**

Hello,

Are you getting user-ip-mapping from user-id agent or from captive portal authentication?

Regards,

Hari Yadavalli

user-id-agent

L4 Transporter

Did you disable WMI/NetBIOS scanning? Local accounts can only be seen by these means.

WMI probing  = Yes

NetBIOS Probing = No

WMI/NetBIOS Probing Interval = 20

Turn WMI probing off then.

L3 Networker

Didn't help.
