When I configured authentication on PaloAlto, I ran into a problem.

I tested authentication on PaloAlto with:
- 1 domain server with PAN Agent installed
- 2 PCs joined to the domain
- Some accounts created: user1, user2, user3

1> I log on with a domain user (user1). I can access the Internet, and in the Monitor tab I can see that my PC has been authenticated (user_domain.png).
2> I log out and log in again with a local user (cloud). I can still access the Internet (user_Local.png), although I set the policy to deny all except user1 and user2 (policy.png).
3> If I change the IP address from 172.16.1.71 to 172.16.1.76, I can't access the Internet, but if I change the IP address to 172.16.1.71, I can still access the Internet.

- I want only domain users to be able to access the Internet, but not local users. Can PaloAlto do this or not?
- I think PaloAlto cached the IP address to define the domain account, so when I log on with a local user with the old IP address, I can still access the Internet. If I am right, how long until PaloAlto clears the cache? Can I change the time to clear it?
- I used PC1 to access the Internet with user1, but I could still use PC2 to access the Internet with user1. PC1 and PC2 could access the Internet at the same time with the same user. Can I configure PaloAlto to allow only one user to access the Internet?