wrong user-id mapping


L1 Bithead

Hello everybody,

We have a problem with user-to-IP mapping. It doesn't matter which version of PAN-OS, 7 or 8, and it doesn't matter whether it's using the Windows agent or direct access from the Palo Alto to the LDAP servers.

Let's say a user is going to some server, Windows Exchange for example, and this server authenticates the user by LDAP. Then the Windows agent will have Exchange's IP address mapped to the user name.

For now, I have resolved this problem by excluding the server subnets in the Windows agent configuration. But I'm not sure; maybe there is a better way.









Cyber Elite


I'm not really seeing the issue. The way that user-id works is that the user that is logged into the server, or the last to log in within the age-out, is the user mapped to that IP. So if you have someone log into your Exchange server, do something really quick and then log out, they'll maintain the user-id mapping until another account logs a security event or the User ID timeout has been hit (if enabled).

If you don't want this action to take place then you would do exactly as you describe here: you exclude the IPs from user identification.


Maybe I didn't explain the problem clearly.

So, for example, the user logged in to the PC; after that the Palo Alto had the correct IP address. After that the user opened a site in a web browser that used LDAP authentication. Then the Palo Alto has the IP address of the server where that site was hosted as the IP address mapped to the user. So if a security rule allows access by user-id, it will not match the IP address of the user's PC.




Did you ever find a solution to your problem? I am having the same issue. What did you end up doing to get the IP user mapping to the user's machine and not the authentication server?

Sorry, I have just seen the answer. So, I normally just use user-id exclusion lists for those servers for which, on the one side, I don't want to use a user-id and where some authentication event can happen.
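
One way to find candidate addresses for the exclusion list discussed in this thread, as an added example that is not part of the original posts and is not Palo Alto Networks code: it models the last-login-wins mapping described above over constructed events and flags IPs that pick up several different users within a short window. The event tuples, subnets, window and threshold are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events (not from the thread):
# (seconds, username, source IP recorded for the authentication event).
EVENTS = [
    (0,   "alice", "10.1.20.15"),   # workstation logon
    (40,  "alice", "10.1.50.10"),   # LDAP auth seen from a server address
    (55,  "bob",   "10.1.20.22"),
    (90,  "bob",   "10.1.50.10"),
    (130, "carol", "10.1.50.10"),
    (200, "dave",  "10.1.60.5"),
]
EXCLUDE = ["10.1.60.0/24"]  # hypothetical server subnet already excluded


def is_excluded(ip, networks):
    """True if ip falls inside any network on the exclusion list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)


def build_mappings(events, exclude):
    """Last-login-wins IP -> user table, skipping excluded networks."""
    table = {}
    for _, user, ip in sorted(events):
        if not is_excluded(ip, exclude):
            table[ip] = user
    return table


def shared_ips(events, exclude, window=300, min_users=2):
    """IPs mapped to >= min_users distinct users within `window` seconds.

    Such addresses behave like servers or proxies rather than workstations,
    so they are candidates for the exclusion list.
    """
    seen = defaultdict(list)
    for ts, user, ip in sorted(events):
        if not is_excluded(ip, exclude):
            seen[ip].append((ts, user))
    flagged = {}
    for ip, hits in seen.items():
        for i, (start, _) in enumerate(hits):
            users = {u for t, u in hits[i:] if t - start <= window}
            if len(users) >= min_users:
                flagged[ip] = sorted(users)
                break
    return flagged
```

Feeding the flagged addresses back into the exclusion list and re-running `build_mappings` shows which mappings remain.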
