11-13-2024 11:51 PM
Hello Everyone,
My user-id redistribution topology is as follows:
Prisma Access --> Azure VM 300 firewall --> On-prem PA Firewalls (about 4 HA pairs) and vice versa, as I need bidirectional IP-username mappings.
The reason to do directional mappings is that we have GP users and branch users on Prisma Access for which I need user-id mapping, and also, on local firewalls, we have internal gateways configured and local site users are hitting these internal gateways, for which we need user-id mappings.
I am able to get user-id mappings for GP users from Prisma Access but unable to get the mappings for the Remote network users and local firewall users.
Please suggest.
11-20-2024 12:48 AM
Why do you have issues with this? As shown in the documentation, you can select a master device https://docs.paloaltonetworks.com/prisma/prisma-access/3-2/prisma-access-panorama-admin/configure-us... that can feed this data to Prisma Access. Also, if you use the Cloud Identity Engine (CIE) as the authentication source for the on-prem firewalls, it will feed Prisma Access https://docs.paloaltonetworks.com/cloud-identity/cloud-identity-engine-getting-started/get-started-w...
Also, if your Service Connection DC is the one that needs to send the data, see: