Terminal server from a single IP address, the firewall cannot distinguish which user generated which traffic!


L0 Member

When multiple users access a terminal server from a single IP address, the firewall cannot distinguish which user generated which traffic. The firewall maps the IP address to only one user.

 

After research, I resolved this issue with TSA, but I wanted to know if it's possible to determine which user actually owned the traffic from the past, before TSA was installed!


Cyber Elite

No, you can't get historical data.

If you install TSA, then every user will get a block of source ports.

Outgoing traffic from a specific user will be sourced from the port range assigned to that user.

TSA hands the source port block to user mapping over to Palo, which can then identify the user based on which source port the traffic came from.

 

As you didn't have such a source port mapping before TSA was installed, you can't segregate user traffic from before the TSA install.

Principal Architect @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
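
The lookup described in the reply above, as an added example that is not part of the original thread and is not Palo Alto Networks code: a log entry is attributed to a user only if a port-block mapping covered its source IP, source port and timestamp. The record layout, addresses, port ranges, user names and dates are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class PortBlock:
    """One user-to-port-block assignment (layout is an assumption for this example)."""
    user: str
    server_ip: str
    first_port: int
    last_port: int
    start: datetime          # when the block was assigned to the user
    end: Optional[datetime]  # None while the block is still assigned

SERVER = "10.0.0.50"  # constructed terminal server address
# Constructed mappings; none exist before the agent was installed on 2024-03-01.
BLOCKS = [
    PortBlock("corp\\alice", SERVER, 20000, 20199, datetime(2024, 3, 1, 9, 5), datetime(2024, 3, 1, 17, 0)),
    PortBlock("corp\\bob", SERVER, 20200, 20399, datetime(2024, 3, 1, 9, 10), None),
    # The same block handed to a different user after alice logged off.
    PortBlock("corp\\carol", SERVER, 20000, 20199, datetime(2024, 3, 2, 8, 0), None),
]
# Constructed traffic log entries: (source IP, source port, timestamp).
SAMPLE_LOG = [
    (SERVER, 20050, datetime(2024, 3, 1, 10, 0)),
    (SERVER, 20050, datetime(2024, 3, 2, 10, 0)),
    (SERVER, 20250, datetime(2024, 3, 1, 12, 0)),
    (SERVER, 51532, datetime(2024, 2, 20, 10, 0)),  # before install, OS-chosen port
    (SERVER, 20050, datetime(2024, 2, 20, 10, 0)),  # before install, port happens to be in a block
]

def attribute(src_ip, src_port, when, blocks=BLOCKS):
    """Return the user whose block covered (src_ip, src_port) at `when`, else None."""
    for b in blocks:
        in_range = b.first_port <= src_port <= b.last_port
        in_time = b.start <= when and (b.end is None or when < b.end)
        if b.server_ip == src_ip and in_range and in_time:
            return b.user
    return None

def unattributed(entries, blocks=BLOCKS):
    """Entries with no mapping in effect; the only identifier left is the shared IP."""
    return [e for e in entries if attribute(*e, blocks=blocks) is None]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(entry[1], entry[2].isoformat(), attribute(*entry) or "unknown (no mapping)")
```

The last sample entry shows why the port number alone is not enough: it falls inside a block range, but no mapping existed at that time, so it stays unattributed.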