About andreip

Hello,   Thank you for the promptitude of your answer, I was able to build the miner-aggregator-output chain based on video on a Ubuntu-based MM.   So the AF miner is entirely dependant on the already defined export list in AF and does not build the IPs list/DNS names/domains based on parsing the output of a customizable (in MM, not AF) search ...   Thank you for your time,   andreip ... View more

Since I tried to reply to Mr. Delio's reply and not to original post, I ended with duplicate posts - surprise, one cannot delete his/hers own posts (maybe the workaround of Reporting the post as inapropriate content would apply ...).     So, dear viewers, please vote for adding to post entries menu the option to delete the post. ... View more

Hello and thank you for the follow up.   Although there is a great fuss about searching using natural language, we, as network technes, are more accustomed to digits (I wouldn't mind if the KB would use a  s e a r c h a b l e -please excuse my French, "actionable"- tag system for indexing in hex), not to mention bad habits of recalling 5+-2 digits (Psychology 101) of a KBxxxxx or SKyyyyyy instead of guessing how others might describe an issue or feature.   Now, that we have a working search/sort-by-tag and even l a b e l s (random sample screenshot below, with search keywords in bold). I think it's time to move forward. Pantopia served its purpose.   ... View more

Tested w. UID Agent 7.0.2, PANOS 7.0.2 VM-100:   In the configuration file UserIDAgentConfig.xml, for each auth source (server), there is a default-domain variable, which does not have a value by default. I tested by filling in the desired domain name to be prepended and sending via XML API usernames with and without domains and checking on firewall:   UserIDAgentConfig.xml:   <server-settings> <server-entry name="xxx" type="active-directory" address="xxx" port="" syslog-profile="" default-domain="xxx"/> </server-settings>   In the following snippets, 10.1.1.1 is the firewall, 10.1.1.201 is the domain controller with UID Agent installed   XML file sent via curl:   <uid-message> <version>1.0</version> <type>update</type> <payload> <login> <entry name="uid" ip="10.1.1.121" timeout="20"/> </login> <login> <entry name="uid2" ip="10.1.1.122" timeout="20"/> </login> <login> <entry name="beta\uid3" ip="10.1.1.123" timeout="20"/> </login> <login> <entry name="gamma\uid4" ip="10.1.1.124" timeout="20"/> </login> </payload> </uid-message>   File was sent via:   curl -vk --form file=@uid.xml https://10.1.1.201:5006   UID Agent displays username exactly how it was sent, without interpreting the separator (@ and \ tried):       and the firewall is updated:   admin@pavm-7> show user ip-user-mapping all IP Vsys From User IdleTimeout(s) MaxTimeout(s) --------------- ------ ------- -------------------------------- -------------- ------------- 10.1.1.124 vsys1 UIA gamma\uid4 222 222 10.1.1.201 vsys1 UIA alpha\panwagent 901 901 10.1.1.121 vsys1 UIA uid 397 397 10.1.1.125 vsys1 UIA uid5@delta 1127 1127   So the default-domain variable in UID Agent configuration file doesn't seem to append or overwrite a domain name to users without domain, to get something usable for user-group mapping.   Certificate used in CP is just a method to validate an identity - since it's not correlated natively to an auth server/sequence, I doubt you can extract fields from cert (e. g. UPN) to check user-group mapping.   If you are not trying to control internet access, but access to internal resources, Kerberos challenge introduced in PANOS 7.0 (works with browser-challenge method) might help. ... View more