LIVEcommunity - About JoschkaKruse

JoschkaKruse · ‎12-16-2020

I'm pretty new to Palo and firewalling, so sorry for the lack of info I gave you 😞 We're using a UIA and terminal server agent. Sorry for the faulty info. Thanks for all your responses so far. Just figured it out I guess 🙂 App-id for internal traffic worked properly. Same with user-id somehow. Maybe I had a faulty client for my tests yesterday. So my only issue seemed to be the app-id. I saw that all external requests ended up as incomplete and NAT destination port as 0. So what I missed was, to add the VPN zone to the hide NAT rule. After that, appid was recognized immediately. 🙂 The only thing I'm wondering about is the fact that the user-id gets lost after a longer period of inactivity on the client in the VPN network. Maybe that's cause of the cache settings configured for the user-id?

JoschkaKruse · ‎12-16-2020

Hello everyone, we're using a VM300. I've recently set up 2 VPN tunnels, ike1 and ikev2. Tunnels come up successfully, but no user-ID is being transmitted and apps are not being discovered properly. We also have another site connected via MPLS where everything works fine. User-ID has been enabled on the zone where the tunnels are connected to. Any hints and ideas what I am missing?

Member Since	‎05-26-2020 08:43 AM
Date Last Visited	‎01-12-2021 01:37 AM
Posts	2

Online Status	Offline
Date Last Visited	‎01-12-2021 01:37 AM

Re: User-ID and app discovery on IPSec tunnel for site-to-site VPN

User-ID and app discovery on IPSec tunnel for site-to-site VPN

Re: User-ID and app discovery on IPSec tunnel for site-to-site VPN

User-ID and app discovery on IPSec tunnel for site-to-site VPN

Network Security

Cloud Security

Security Operations

Re: User-ID and app discovery on IPSec tunnel for site-to-site VPN

User-ID and app discovery on IPSec tunnel for site-to-site VPN

Re: User-ID and app discovery on IPSec tunnel for site-to-site VPN

User-ID and app discovery on IPSec tunnel for site-to-site VPN