Hope everyone doing well.
we have setup a windows based User ID. but one problem I saw with that is, it is receiving accounts with $ sign in the last. I believe these are service type accounts and if yes we would like to exclude them on the firewall as we don't want the service accounts to be allowed to go to internet. we have 5650 accounts like this. Palo has a limit of 5000 accounts for Ignore User list. Is there a better way to exclude these accounts on Palo? or is there a better a way to setup on DC's not to forward these accounts to palo?
Do the service accounts have anything the same outside of the $ at the end? If they have something like sa-prod-exchange$ then you might be able to get away with adding sa-prod-* as an entry. I'm not sure if the matched entries from a wildcard count against the overall entry limit or not.
Hi, thanks for the comment, I explored this option but seems like it doesn’t suite well in my case. Because all our service accounts starts with svc for example svcpaloalto, but we are not excluding all the service accounts(sorry, I just realized that I didn’t mention this in earlier post). The wildcard entry will exclude all the accounts that starts with svc in my case, not sure if we are allowed to rename those non excluded service accounts to something other than svc though. At least that way I will not have the same name. Is there any other possibilities to achieve this.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!