Good Day... Let me see if I can start to clarify the logic.

The UserID agent, on the FW or installed on a DC, looks at the last 50k log entries, looking for login/logout request messages. This list is sent over to the FW, so now the FW has the IP and the username associated with a user.

If an IP does not have any User information, then it becomes simply an IP inside your network. You decide if you trust/want unknown users/IP/rogue devices in your network.....

You *could* (and probably should....) do an authentication policy/captive portal, to help identify and add the user to the UserID cache of the FW. You could put up a splash page, to ask the user to identify themselves, if NTLM (browser-based authentication) does not work.

You *could* enable IP probing (if a Windows device), so that unknown IPs are interrogated and, with the correct service account permissions (Distributed COM User), allow the FW to ask the IP about who he is.. and based on the response back, update the IP cache.

When, and how, do the FWs confirm their IP address to UID associations?

Customer defined... with the UserID agent. Mine is set for 2 secs. The user timeout is defined in the User Identification section of the FW (under the Device tab).

Granted... I am showing on the integrated UserID agent, but the same information is on the standalone UserID agent as well.
Solved by:

    from pandevice import firewall

    # host, user, password and command2 must be defined before this point (not shown in the post)
    my_fw = firewall.Firewall(host, user, password)
    response = my_fw.op(command2, xml=True)
    print(response)

The response is a page of XML, so needs to be interpreted, but I do get the answers I want 🙂
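One way to interpret that XML and find the IPs that have no user attached, as an added example that is not part of the original posts or of pandevice. It assumes the response lists `<entry>` elements with `<ip>`, `<user>` and `<timeout>` children; the sample response, the observed-IP list and all function names are constructed for illustration, so check the element names against your own output.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample response; entry/ip/user/timeout element names are assumptions.
SAMPLE_RESPONSE = r"""<response status="success"><result>
  <entry><ip>10.1.20.15</ip><user>corp\alice</user><timeout>2400</timeout></entry>
  <entry><ip>10.1.20.16</ip><user>corp\bob</user><timeout>35</timeout></entry>
</result></response>"""

# Constructed list of source IPs seen on the network (e.g. pulled from traffic logs).
OBSERVED_IPS = ["10.1.20.15", "10.1.20.16", "10.1.20.77"]


def parse_mappings(xml_text):
    """Return {ip: (user, seconds_left)} from the XML string that op(xml=True) prints."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError("firewall returned status=%r" % root.get("status"))
    mappings = {}
    for entry in root.iter("entry"):
        ip = (entry.findtext("ip") or "").strip()
        user = (entry.findtext("user") or "").strip()
        if not ip or not user:
            continue  # incomplete entry: treat as no mapping
        ip = str(ipaddress.ip_address(ip))  # normalise and reject malformed addresses
        mappings[ip] = (user, int(entry.findtext("timeout") or 0))
    return mappings


def unmapped_ips(observed, mappings):
    """IPs seen on the network that have no user in the IP-to-user cache."""
    missing = {str(ipaddress.ip_address(ip)) for ip in observed} - set(mappings)
    return sorted(missing, key=ipaddress.ip_address)


def expiring_soon(mappings, threshold=60):
    """Mapped IPs whose remaining timeout (seconds) is at or below the threshold."""
    return sorted(ip for ip, (_, left) in mappings.items() if left <= threshold)


if __name__ == "__main__":
    cache = parse_mappings(SAMPLE_RESPONSE)
    print("unmapped:", unmapped_ips(OBSERVED_IPS, cache))
    print("expiring:", expiring_soon(cache))
```

The unmapped list is the set of addresses an authentication policy or captive portal would have to identify.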