Dear Team,

I have one scenario: when connecting to GP with an LDAP user, the user will get an IP address, then the user tries to connect to an internal server and the traffic goes through the Cisco FTD. The issue is that once traffic passes the Palo Alto, when we check in the Cisco FTD for the user and IP address, we are getting only the management IP address and service account of the Palo Alto.

I am giving one example for better understanding:

Example:
- UserA, UserB and UserC are the AD users.
- Service account name is palo@servicecccount
- Management IP of the firewall - 192.168.1.10

When UserA connects to GlobalProtect, it will get the 10.0.0.1 IP address.
When UserB connects to GlobalProtect, it will get the 10.0.0.2 IP address.
When UserC connects to GlobalProtect, it will get the 10.0.0.3 IP address.

Traffic flow: GP USER > PA Firewall > CISCO FTD > internal server (172.16.1.1)

When all the users try to access 172.16.1.1, on the Cisco FTD the IP address should show 10.0.0.1, 10.0.0.2, 10.0.0.3 with the names UserA, UserB, UserC. Instead of this, the Palo Alto forwards the details 192.168.1.10 (management IP) with user palo@serviceaccount for all the AD users.

******************************************************************

Scenario 1: GP connect with local user ---> PA (IP based) ---> Cisco (IP based) = worked

Scenario 2: GP connect with LDAP user ---> PA (LDAP user based) ---> Cisco (LDAP user based - as per logs, management IP of PA and AD service account received as source) = not worked

Is this default behaviour, or do I need to take any further action to resolve this?