Client Probing
You can configure the User-ID agent to perform WMI client probing for each client system that the user mapping process identifies. The User-ID agent will periodically probe each learned IP address to verify that the same user is still logged in. When the firewall encounters an IP address for which it has no user mapping, it sends the address to the User-ID agent for an immediate probe. To configure client probing settings, complete the following fields.
Do not enable client probing on high-security networks or on external untrusted interfaces. Client probing can generate a large amount of network traffic and can pose a security threat when misconfigured. If it is enabled on an external untrusted zone, client probing could allow an attacker to send a probe outside of your network, resulting in disclosure of the User-ID agent service account name, domain name, and encrypted password hash. Instead, collect user mapping information from more isolated and trusted sources, such as domain controllers, and through integrations with Syslog or the XML API. These sources have the added benefit of allowing you to safely capture user mapping information from any device type or operating system, instead of just Windows clients.
The complete procedure to configure the PAN-OS integrated User-ID agent to probe clients requires additional tasks besides configuring the client probing settings.
The PAN-OS integrated User-ID agent does not support NetBIOS probing, but the Windows-based User-ID agent does support it.
Client Probing Settings
Select this option to enable WMI probing.
Probe Interval (min)
Enter the probe interval in minutes (range is 1-1440; default is 20). This is the interval between when the firewall finishes processing the last request and when it starts the next request.
In large deployments, it is important to set the interval properly to allow time to probe each client that the user mapping process identified. For example, if you have 6,000 users and an interval of 10 minutes, it would require 10 WMI requests per second from each client.
If the probe request load is high, the observed delay between requests might significantly exceed the interval you specify.