End-of-Life (EoL)
For the PAN-OS integrated User-ID agent, you can now use the firewall web interface as an alternative to the CLI to configure the ignore user list and specify user accounts that don’t require IP address-to-username mapping (such as kiosk accounts). Using the web interface is easier and reduces the chance of errors that can compromise enforcement of user-based policies.
Configure the Ignore User List
Select Device > User Identification > User Mapping and edit the Palo Alto Networks User-ID Agent Setup.
Select the Ignore User List tab.
Click Add and enter a username. You can use an asterisk as a wildcard character to match multiple usernames, but only as the last character in the entry. For example, corpdomain\it-admin* would match all administrators in the corpdomain domain whose usernames start with the string it-admin. You can add up to 5,000 entries to exclude from user mapping.
Click OK and Commit.

Recommended For You