Redistribute User-ID Information From Prisma Access to an On-Premise Firewall

Shows the steps you take to redistribute User-ID information from Prisma Access to an on-premise firewall.
When mobile users need to access a resource at a remote network location or in the HQ/data center, and that resource is secured by an on-premises next-generation firewall with user-based policies, you must redistribute User-ID mappings for Prisma Access mobile users and users at remote networks to the on-premises firewall. When a user connects to Prisma Access, Prisma Access collects the user-to-IP address mapping and stores it.

The following figure shows two mobile users that have an existing IP address-to-username mapping in Prisma Access. Prisma Access then redistributes this mapping by way of a service connection to the on-premises firewall that secures the HQ/data center.

To redistribute User-ID mappings from Prisma Access to an on-premises firewall, complete the following steps.
Before you start this task, find the User-ID Agent Address in Prisma Access by selecting Panorama > Cloud Services > Status > Network Details, selecting the Service Connection radio button, and viewing the information in the User-ID Agent Address field.
Step 1. Configure Prisma Access as a User-ID agent that redistributes user mapping information.

  1. In the Panorama that manages Prisma Access, select Device > Data Redistribution > Collector Settings.

     Make sure that you have selected the Service_Conn_Template in the Templates drop-down at the top of the page. The User-ID agent in Prisma Access receives its User-ID mapping from the domain controller in the data center by way of the service connection.

  2. Click the gear icon to edit the settings.

  3. Provide a Collector Name and a Collector Pre-Shared Key to identify Prisma Access as a User-ID agent.

  4. Click OK to save your changes.
Step 2. Configure the on-premises firewall to collect the User-ID mapping from Prisma Access.

  1. From the on-premises firewall, select Device > Data Redistribution > Agents.

  2. Add a User-ID Agent and give it a Name.

  3. Select Host and Port.

  4. Enter the User-ID Agent Address from Prisma Access in the Host field.

  5. Enter the Collector Name and Collector Pre-Shared Key for the Prisma Access collector you created in Step 1.
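After both steps are complete, the check a practitioner wants is that mappings learned through the Prisma Access agent actually appear in the on-premises firewall's IP-to-user table. The following script is an added example, not Palo Alto Networks code: it builds the XML API "op" request for "show user ip-user-mapping all" and parses a constructed sample response. The response layout, the "UIA" type value for mappings learned from a User-ID agent, and the host and API key are assumptions, not values taken from this page.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Constructed sample (not captured from a real device) in the shape assumed for
# the firewall's reply to 'show user ip-user-mapping all': two mobile users
# learned via the Prisma Access User-ID agent (type UIA) and one local AD mapping.
SAMPLE_RESPONSE = """<response status="success"><result>
<entry><ip>10.20.30.41</ip><vsys>vsys1</vsys><type>UIA</type>
<user>corp\\alice</user><idle_timeout>2400</idle_timeout></entry>
<entry><ip>10.20.30.42</ip><vsys>vsys1</vsys><type>UIA</type>
<user>corp\\bob</user><idle_timeout>2400</idle_timeout></entry>
<entry><ip>192.168.1.15</ip><vsys>vsys1</vsys><type>AD</type>
<user>corp\\carol</user><idle_timeout>1800</idle_timeout></entry>
</result></response>"""


def build_op_url(host, api_key):
    """URL for the firewall XML API 'op' call; host/api_key are placeholders."""
    cmd = "<show><user><ip-user-mapping><all/></ip-user-mapping></user></show>"
    return f"https://{host}/api/?" + urlencode({"type": "op", "cmd": cmd, "key": api_key})


def parse_mappings(xml_text):
    """Return a list of {ip, user, type, vsys} dicts from the op response."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise RuntimeError("firewall API returned status %r" % root.get("status"))
    return [
        {child.tag: child.text for child in entry}
        for entry in root.iter("entry")
    ]


def redistributed_mappings(mappings, source_type="UIA"):
    """Keep only mappings learned from a User-ID agent (assumed type 'UIA')."""
    return [m for m in mappings if m.get("type") == source_type]


def check_user_mapped(mappings, expected_ip, expected_user):
    """True if the given IP resolves to the expected user on the firewall."""
    return any(m.get("ip") == expected_ip and m.get("user") == expected_user
               for m in mappings)


if __name__ == "__main__":
    rows = parse_mappings(SAMPLE_RESPONSE)
    for m in redistributed_mappings(rows):
        print(f"{m['ip']:<16} {m['user']:<16} via {m['type']}")
```

On a live device, fetch build_op_url() with a verified TLS session, pass the body to parse_mappings(), and alert if a connected mobile user's IP is missing from redistributed_mappings(), which points at the collector name, pre-shared key or service connection configured above.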