02-09-2024 09:15 AM
Hi Team
We are seeing an issue where only 1 user is having issues when going to any websites over Global Protect. DNS lookup completes and the built-in Apps like Outlook, teams work over GP with no issues. The user is able to successfully authenticate with DUO MFA, the issue is only after the connection with GP.
We can see that the client is being identified as "domain\username" in Monitor > Traffic logs when the client is having issues accessing the website using the web browser.
But under monitor > traffic logs when the same user is identified as just "username" on the firewall we can see that she was able to access Outlook/Teams.
In checking authd.log when she connects with DUO MFA, we can see teh client is recognized just as "username". We would like to understand why sometime firewall is seeing the user as "domain\username" and sometimes "username" only.
Under Policy we have "Any" so nothing gets dropped on Firewall but still client is not able to access the websites. All other working users are being identified as "username" and no one have any issues. Already tried to clear user-mapping but this did not help.
Username Modifier is set to %USERINPUT%.
Is there anything we can check or make sure that the user-id would be consistent or to understand why this is happening with 1 user only.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
