Include or Exclude Subnetworks for User Mapping
- Device > User Identification > User Mapping
Use the Include/Exclude Networks list to define the subnetworks that the User-ID agent will include or exclude when performing IP address-to-username mapping (discovery). By default, if you don’t add any subnetworks to the list, the User-ID agent performs discovery for user identification sources in all subnetworks, except when using WMI probing for client systems that have public IPv4 addresses. (Public IPv4 addresses are those outside the scope of RFC 1918 and RFC 3927.)
To enable WMI probing for public IPv4 addresses, you must add their subnetworks to the list and set their Discovery option to Include. If you configure the firewall to redistribute user mapping information to other firewalls, the discovery limits you specify in the list will apply to the redistributed information.
Use the include and exclude lists to define the subnets in which the firewall performs user mapping.
You can perform the following tasks on the Include/Exclude Networks list:
To limit discovery to a specific subnetwork, Add a subnetwork profile and complete the following fields:
The User-ID agent applies an implicit exclude all rule to the list. For example, if you add subnetwork 10.0.0.0/8 with the Include option, the User-ID agent excludes all other subnetworks even if you don’t add them to the list. Add entries with the Exclude option only if you want the User-ID agent to exclude a subset of the subnetworks you explicitly included. For example, if you add 10.0.0.0/8 with the Include option and add 10.2.50.0/22 with the Exclude option, the User-ID agent will perform discovery on all the subnetworks of 10.0.0.0/8 except 10.2.50.0/22, and will exclude all subnetworks outside of 10.0.0.0/8. If you add Exclude profiles without adding any Include profiles, the User-ID agent excludes all subnetworks, not just the ones you added.
To remove a subnetwork from the list, select and Delete it.
Tip: To remove a subnetwork from the Include/Exclude Networks list without deleting its configuration, edit the subnetwork profile and clear Enabled.
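The following Python model is an added example, not Palo Alto Networks code. It reproduces the outcomes described above (the empty-list default, the implicit exclude all rule, Exclude as a carve-out of an Include) so you can check a planned list before committing it. It does not model evaluation order. The names `Profile`, `in_discovery_scope` and `effective_range` are hypothetical, and two behaviors are assumptions: profiles with Enabled cleared are treated as absent, and prefixes are masked as standard CIDR, so 10.2.50.0/22 is read as 10.2.48.0/22.

```python
import ipaddress
from dataclasses import dataclass

# "Non-public" as the page defines it: RFC 1918 plus RFC 3927 (link-local).
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

@dataclass
class Profile:
    subnet: str
    discovery: str          # "include" or "exclude"
    enabled: bool = True    # assumption: a disabled profile is treated as absent

    def network(self):
        # Assumption: host bits are masked off, as in standard CIDR handling.
        return ipaddress.ip_network(self.subnet, strict=False)

def is_public(ip):
    return not any(ip in net for net in NON_PUBLIC)

def in_discovery_scope(address, profiles, wmi_probe=False):
    """Return True if the modeled list puts `address` in scope for discovery."""
    ip = ipaddress.ip_address(address)
    active = [p for p in profiles if p.enabled]
    if not active:
        # Empty list: all subnetworks are in scope, except that WMI probing
        # skips public IPv4 addresses.
        return not (wmi_probe and is_public(ip))
    included = any(ip in p.network() for p in active if p.discovery == "include")
    excluded = any(ip in p.network() for p in active if p.discovery == "exclude")
    # Implicit exclude all: without a matching Include the address is out of
    # scope, so a list holding only Exclude entries excludes everything.
    return included and not excluded

def effective_range(subnet):
    """Show the masked prefix and the first and last address it covers."""
    net = ipaddress.ip_network(subnet, strict=False)
    return str(net), str(net[0]), str(net[-1])

# Constructed sample: the Include/Exclude pair used in the text above.
PAGE_EXAMPLE = [Profile("10.0.0.0/8", "include"),
                Profile("10.2.50.0/22", "exclude")]

if __name__ == "__main__":
    print(effective_range("10.2.50.0/22"))
    for addr in ("10.1.1.1", "10.2.50.7", "10.2.48.9", "192.168.1.5"):
        print(addr, in_discovery_scope(addr, PAGE_EXAMPLE))
```

Under the CIDR-masking assumption, the Exclude entry covers 10.2.48.0 through 10.2.51.255, which is wider than a reader might expect from the written prefix.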
Custom Include/Exclude Network
By default, the User-ID agent evaluates the subnetworks in the order you add them, from top-first to bottom-last. To change the evaluation order, click Custom Include/Exclude Network Sequence. You can then Add, Delete, Move Up, or Move Down the subnetworks to create a custom evaluation order.