This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

wrong user-id mapping

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

wrong user-id mapping

ppk_vs
L1 Bithead

‎08-10-2017 03:39 AM

 Hello everybody,

We have a problem with a user to IP mapping.  Doesn't matter which version of PanOS - 7 or 8, doesn't matter if it's using windows agent or direct access from paloalto to LDAP servers. 

   Let's say a user is going to some server, windows exchange for example, and this server authenticates the user by LDAP. Then windows agent will have exchange's IP address mapped to the user name. 

    For now, I have resolved this problem by excluding servers subnets in windows agent configuration. But not sure, may be there is a better way.

 

Regards,

Vladimir.

 

 

 

 

0 Likes Likes
4 REPLIES 4

BPry
Cyber Elite
Cyber Elite

‎08-10-2017 06:46 AM

@ppk_vs,

I'm not really seeing the issue. The way that user-id works is the user that is logged into the server, or the last to log in within the age-out, is the user mapped to that IP. So if you have someone log into your exchange server traffic do something really quick and then log out, they'll maintain the user-id mapping until another account logs a security event or the User ID timeout has been hit (if enabled). 

If you don't want this action to take place then you would do exactly as you describe here, you exlude the IPs from user identification. 

0 Likes Likes

ppk_vs
L1 Bithead
In response to BPry

‎08-10-2017 07:52 AM

Hi,

may be I didn't explain the problem clear.

 So, for example, the user logged in to the PC - after that paloalto had the correct IP address. After that user opened any site in web browser, that used LDAP authentication. Then paloalto has IP address of the server, where that site was hosted, as an IP address mapped to the user.  So if security rule allows access by user-id, it will not match IP address of the user's PC.

 

 

0 Likes Likes

Kolby_Baker
L0 Member
In response to ppk_vs

‎03-08-2021 11:23 AM

Hello, 

Did you ever find a solution to your problem? I am having the same issue. what did you end up doing to to get the ip user mapping to the user's machine and not the authentication server?

0 Likes Likes

ppk_vs
L1 Bithead
In response to Kolby_Baker

‎01-18-2022 04:19 AM

Sorry, I have just seen the answer. So, I normally just use user-id exclusion lists for such server for which I don't want to use a user-id from the one side and where can some authentication event happen. 

0 Likes Likes
  • 4983 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks