Redistribute User-ID Information From Prisma Access to an On-Premise Firewall
Shows the steps you take to redistribute User-ID information
from Prisma Access to an on-premise firewall.
When mobile users need to access a resource at a remote network location or HQ/data center, and that resource is secured by an on-premises next-generation firewall with user-based policies, you must redistribute the User-ID mappings for Prisma Access mobile users and users at remote networks to the on-premises firewall. When a user connects to Prisma Access, Prisma Access collects this user-to-IP address mapping and stores it.
The following figure shows two mobile users that have an existing IP address-to-username mapping in Prisma Access. Prisma Access then redistributes this mapping by way of a service connection to the on-premises firewall that secures the HQ/data center.
To redistribute User-ID mappings from Prisma Access to an on-premises firewall, complete the following steps.
Before you start this task, find the User-ID Agent Address in Prisma Access by selecting Panorama > Cloud Services > Status > Network Details, selecting the Service Connection radio button, and viewing the information in the User-ID Agent Address field.
1. Configure Prisma Access as a User-ID agent that redistributes user mapping information.
   - In the Panorama that manages Prisma Access, select Device > Data Redistribution > Collector Settings.
     Make sure that you have selected the Service_Conn_Template in the Templates drop-down at the top of the page. The User-ID agent in Prisma Access receives its User-ID mapping from the domain controller in the data center by way of the service connection.
   - Click the gear icon to edit the settings.
   - Provide a Collector Name and a Collector Pre-Shared Key to identify Prisma Access as a User-ID agent.
   - Click OK to save your changes.
2. Configure the on-premises firewall to collect the User-ID mapping from Prisma Access.
   - From the on-premises firewall, select Device > Data Redistribution > Agents.
   - Add a User-ID Agent and give it a Name.
   - Select Host and Port.
   - Enter the User-ID Agent Address from Prisma Access in the Host field.
   - Enter the Collector Name and Collector Pre-Shared Key for the Prisma Access collector you created in Step 1.
   - Select IP User Mappings.
   - Click OK.
   - Repeat these steps for each service connection.