Prisma Access
Panorama
Table of Contents
Expand All
|
Collapse All
Prisma Access Docs
-
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
-
-
-
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Panorama
Panorama
Learn how to redistribute HIP information.
To allow
Prisma Access
to collect and redistribute HIP information, complete the
following task.- AllowPrisma Accessto redistribute HIP information.
- In Panorama, select.PanoramaCloud ServicesConfigurationService Setup
- Click the gear icon to edit the settings.
- In theAdvancedtab, selectEnable HIP Redistribution.Enabling HIP Redistribution enablesPrisma Accessto redistribute the HIP reports received from the GlobalProtect app to internal firewalls and to Panorama.
- Configure Panorama to receive HIP reports fromPrisma Access.
- Select.PanoramaSetupInterfaces
- Select theManagementinterface.
- SelectUser-ID.
- Configure Panorama to collect the User-ID mapping fromPrisma Access.
- From the Panorama that managesPrisma Access, select(for Panorama 10.PanoramaData RedistributionAgentsxappliances) or(for 9.1.PanoramaUser IdentificationUser-ID AgentsxPanorama appliances).
- Adda User-ID Agent and give it aName.
- Enter one of the following values in theHostfield, depending on the types of HIP information you want to collect.
- To collect HIP information for mobile users, enter theUser-ID Agent Address().PanoramaCloud ServicesStatusNetwork DetailsService ConnectionUser-ID Agent Address
- To collect HIP information from users at a remote network locations with an internal gateway, enter the IP address of the internal gateway.
- To collect HIP information from users are a remote network connection, enter theEBGP Routeraddress (as the User-ID host.PanoramaCloud ServicesStatusNetwork DetailsRemote NetworksEBGP Router
- Enter5007in the port field.By default, the User-ID agent uses port 5007 to listen for HIP information requests.Make sure that your network does not block access to this port betweenPrisma Accessand the Active Directory server or User-ID Agent.
- SelectEnabledto enable Panorama to communicate with the User-ID agent.
- SelectIP User MappingsandHIPto enable Panorama to receive IP address-to-username mappings and GlobalProtect HIP data from all mobile user locations.
- ClickOK.
- Repeat Step 3 for each service connection to which you want to configure HIP report collection.