Configure HIP Redistribution in Prisma Access
Table of Contents
Configure HIP Redistribution in Prisma Access
How to configure HIP redistribution in a Panorama Managed
Prisma Access deployment.
To allow Prisma Access to collect and redistribute
HIP information, complete the following task.
- Allow Prisma Access to redistribute HIP information.
- In Panorama, select .
- Click the gear icon to edit the settings.
- In theAdvancedtab, selectEnable HIP Redistribution.Enabling HIP Redistribution enables Prisma Access to redistribute the HIP reports received from the GlobalProtect app to internal firewalls and to Panorama.
- Configure Panorama to receive HIP reports from Prisma Access.
- Select .
- Select theManagementinterface.
- SelectUser-ID.
- Configure Panorama to collect the User-ID mapping from Prisma Access.
- From the Panorama that manages Prisma Access, select (for Panorama 10.xappliances) or (for 9.1.xPanorama appliances).
- Adda User-ID Agent and give it aName.
- Enter one of the following values in theHostfield, depending on the types of HIP information you want to collect.
- To collect HIP information for mobile users, enter theUser-ID Agent Address().
- To collect HIP information from users at a remote network locations with an internal gateway, enter the IP address of the internal gateway.
- To collect HIP information from users are a remote network connection, enter theEBGP Routeraddress ( as the User-ID host.
- Enter5007in the port field.By default, the User-ID agent uses port 5007 to listen for HIP information requests.Make sure that your network does not block access to this port between Prisma Access and the Active Directory server or User-ID Agent.
- SelectEnabledto enable Panorama to communicate with the User-ID agent.
- SelectIP User MappingsandHIPto enable Panorama to receive IP address-to-username mappings and GlobalProtect HIP data from all mobile user locations.
- ClickOK.
- Repeat Step 3 for each service connection to which you want to configure HIP report collection.