UserID and VPN

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

UserID and VPN

L4 Transporter

Is it necessary to have userid enabled on the VPN zone interfaces to see the userids?

8 REPLIES 8

Cyber Elite
Cyber Elite

@jdprovine

User-ID will need to be enabled on the zone that the GlobalProtect tunnel terminates in. 

Cyber Elite
Cyber Elite

Enabling userID on a zone tells the firewall it should collect and remember user information per IP for that zone.

So if you do not enable UserID on the VPN zone, the firewall will see the UserID when the user authenticates but then does not proceed to catalog a user-IP mapping

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

@reaper

Thats what I thought Reaper but I wanted to make sure

@BPry

 

Specific zones have been setup for each VPN or which we have 3 VPNs. So it sounds like it does need to be enabled? The sure way to find out is to turn it off , go through the VPN and see LOL

I took disable userid identification on one of my VPN zones and it still showw the user information

I did some testing and it appears that the userid quits showing in the monitor logs when userid is not enabled for the VPN. But it shows up everywhere else

Did you turn it off and checked immediately? it won't immediately remove existing mappings, it will stop collecting new ones

the opposite is also true: if you enable it, new mappings will only appear for new connections, not for existing ones

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

@reaper

 

No I stop and started the GP connection and the user information dissappeared when I restarted the session after I disable userid. I tried it a few times and got the same result. But again it only dissappeared in the monitor logs not anywhere else

  • 2831 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!