To clarify, the message is a 'Warning' and it can be disregarded if the GlobalProtect users do not need a user-ip-mapping.
In most all environments you will want to enable the user-identification feature on the GlobalProtect zone to receive user-ip-mappings for logged in users. These mappings can be used for source user based policy and visualization in logging and reporting.
Thank you for the prompt response to my issue i've posed. In general what my major concern was if I enable user identification on Untrust interface just to get rid of the annoying warning message keeps popping up during the commit process, whether its going to add extra burden to the firewall by actively trying to resole internet addresses (Since its the Untrust interface) with my user-ip mappings stored on the appliance retrieved via active directory. I am pretty much confused why I am still getting this message even after I enable user identification to the Zone where my Global protect vpn tunnel bounded to.
I am neither using HIP profiles to control users nor any other Global protect advanced features at the moment. But have configured Global protect to do authentication through a LDAP authentication profile which points to my AD.
If you do not enable UserID on the Untrust interface with GP enabled, you will be prompted with that warning message each time you commit.
If you'd like get rid of the message, then you'd have to enable User Identification. It is your choice because without enabling UserID on the Untrust, you will be prompted with that Warning message each time
Would it be possible to implement some kind of "ignore these messages" so you wont get warnings you already know about (since a warning force you to read the commit popup just to find out you already knew that warning - compared to if no warning at all is displayed)?
Along with somewhere in the GUI where one could see a list of ignored warnings (and be able to re-enable that warning again)?
At this time, the warnings generated while doing a commit cannot be removed and would be readable each time you commit to the device.
Also there is no option to hide those warnings and re-enabling them.
The idea was to make the user aware of the changes that were made to the configurations might impact the functionality.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!