End-of-Life (EoL)
User Identification (User-ID™) is a Palo Alto Networks® next-generation firewall feature that seamlessly integrates with a range of enterprise directory and terminal services to tie application activity and policies to usernames and groups instead of just IP addresses. Configuring User-ID enables the Application Command Center (ACC), App Scope, reports, and logs to include usernames in addition to user IP addresses. You can configure the following agents to collect IP address-to-username mapping and username-to-group mapping information:
PAN-OS integrated User-ID agent that runs on the firewall Windows-based User-ID agents that are installed on directory servers in your network Terminal Services (TS) agents that are installed on Windows/Citrix terminal servers and map usernames to ports on systems where multiple users have the same IP address
You can configure several methods for collecting user and group mapping information , including server monitoring, syslog message parsing, port mapping, XFF headers, and Captive Portal authentication. In a network with multiple firewalls and hundreds of user identification sources or users who rely on local sources for authentication but access remote resources, you can simplify User-ID management by configuring user mapping redistribution among firewalls.
If the firewall has multiple virtual systems, each virtual system requires a separate User-ID configuration; by default, virtual systems don’t share user mapping information, though you can configure them for redistribution. When configuring User-ID, select the virtual system in the Location drop-down at the top of the Device > User Identification page.
What do you want to know? See:
Configure the PAN-OS integrated User-ID agent to collect user mapping information for the firewall. Device > User Identification > User Mapping
Configure the firewall to receive user mapping information from Windows-based User-ID agents or other firewalls behaving as User-ID agents. Device > User Identification > User-ID Agents
Enforce user-based policy for systems where multiple users have the same IP address. Device > User Identification > Terminal Services Agents
Enforce policy based on user groups. Device > User Identification > Group Mapping Settings
Use Captive Portal to enforce policy based on users and groups. Device > User Identification > Captive Portal Settings
Looking for more? User-ID

Recommended For You