07-11-2014 12:01 PM
(PA3000 series FW running 6.0.2) Getting users being blocked by the captive portal from a local service account running on their machine.. only way around it is to disable the service and/or account and then flush the user to ip mapping cache. Any way to eliminate this???? It has been added to the "ignore list" text file on the server running pan agents, however, its a local account so its not working.
07-11-2014 02:43 PM
I believe the exclude list for the subnet will do what you want here and ignore this user account.
How the User-ID Agent Include/Exclude List Works
07-15-2014 01:50 PM
Is this account is used more than one computer? why it's local?
Do You use AD integration or not? in wchich model: agent or agentless?
With regards
Slawek
07-15-2014 01:59 PM
Sorry I misunderstood.
This is the document for adding user accounts to the ignore list.
How to Add/Delete Users from Ignore User List using Agentless User-ID
07-17-2014 06:33 AM
This account is on every computer.. it automatically gets created and is running a particular Citrix service after installing Citrix Receiver (for our Citrix environment)
07-17-2014 06:33 AM
Yes, we use AD but its a local acct. agentless
07-17-2014 06:45 AM
What do you mean with "blocked by captive portal"? The captive portal should only be shown if the user is unknown. If there is already a user mapping the captive portal rule should not match. Even local accounts should be possible to ignore. Is there a user mapping for the ip if the client is blocked?
07-17-2014 07:44 AM
User: ComputerName\__vmware_user__
URL: www.google.com/
Category: block-list
In accordance with company policies, this website has been blocked.
If access to this site is required for Business Usage, then please submit a support request.
**it is being blocked by a local account that does not have or should not have Internet access**
07-17-2014 10:47 AM
Hello,
Are you getting user-ip-mapping from user-id agent or from captive portal authentication?
Regards,
Hari Yadavalli
08-13-2014 04:58 AM
did you disable WMI/Netbios scanning ? local accounts can only be seen by these means.
08-14-2014 10:53 AM
WMI probing = Yes
NetBIOS Probing = No
WMI/NetBIOS Probing Interval = 20
08-15-2014 06:25 AM
turn WMI probing off then.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
