Prisma Access - additional agent config for gateway settings

Reply
Highlighted
L0 Member

Prisma Access - additional agent config for gateway settings

Hi,

Does anyone know if there is a possibility for another agent config for gateway settings within the Mobile_User_Template ?
It seems that whatever I put in there it's been ignored and always the DEFAULT config is given to the clients.

On on-premise devices it works as expected.

Thanks


Accepted Solutions
Highlighted
L0 Member

Re: Prisma Access - additional agent config for gateway settings

Hi @SuperMario 

Thanks your for response.
You are right, config order and correct Group-format are mandatory for Prisma Access.

I had to create a TAC case.
We found a mismatch between SAML authenticated users and group-mapping from Active-Directory.
pan_user_group_user_prime_uid_lookup(pan_user_group_multi_attr.c:1281): For domain\username user, domain example does not exist in group-mapping
Once the customer provided his NetBIOS domain name  we got a match and it works as expected.

Case closed


View solution in original post


All Replies
Highlighted
L3 Networker

Re: Prisma Access - additional agent config for gateway settings

Hi @marceli.namyslo ,

 

Yes, it is possible.
Keep in mind that the configuration will be applied from top to bottom, hence, if the default config is at the top of your configuration list, it will always be used if the user/group and OS are set to match any.

However, if you created a new config, which is at the top and is specific to a set of users/groups, and still is not being picked up, this means that our Prisma Access device is not able to recognize the user-id/group. You may need to open a TAC case to further troubleshoot your user-id configuration.

Note: for Group based configurations should be configured via their distinguished name (CN=xyz,....DC=corp,DC=com)

 

Here is an example:

SuperMario_0-1590631203281.png

 

 

Let us know if you have any further questions.

 

 

 

Highlighted
L0 Member

Re: Prisma Access - additional agent config for gateway settings

Hi @SuperMario 

Thanks your for response.
You are right, config order and correct Group-format are mandatory for Prisma Access.

I had to create a TAC case.
We found a mismatch between SAML authenticated users and group-mapping from Active-Directory.
pan_user_group_user_prime_uid_lookup(pan_user_group_multi_attr.c:1281): For domain\username user, domain example does not exist in group-mapping
Once the customer provided his NetBIOS domain name  we got a match and it works as expected.

Case closed


View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!