Focus

Redistribute User-ID Information From Prisma Access to an On-Premise Firewall

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Administration
Version
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred

Redistribute User-ID Information Between Prisma Access and On-Premises Firewalls

Redistribute User-ID Information From an On-Premises Firewall to Prisma Access

Redistribute User-ID Information From Prisma Access to an On-Premise Firewall

Shows the steps you take to redistribute User-ID information from Prisma Access to an on-premise firewall.

In cases where mobile users need to access a resource on a remote network location or HQ/data center and the resource is secured by an on-premises next-generation firewall with user-based policies, you must redistribute User-ID mappings from the Prisma Access mobile users and users at remote networks to the on-premises firewall. When the user connects to Prisma Access, it collects this user-to-IP address mapping and stores it.

The following figure shows two mobile users that have an existing IP address-to-username mapping in Prisma Access. Prisma Access then redistributes this mapping by way of a service connection to the on-premises firewall that secures the HQ/data center.

To redistribute User-ID mappings from Prisma Access to an on-premises firewall, complete the following steps.

Before you start this task, find the

User-ID Agent Address

in Prisma Access by selecting

Panorama

Cloud Services

Status

Network Details

, selecting the

Service Connection

radio button, and viewing the information in the

User-ID Agent Address

field.

Configure Prisma Access as a User-ID agent that redistributes user mapping information.

In the Panorama that manages Prisma Access, select

Device

Data Redistribution

Collector Settings

Make sure that you have selected the

Service_Conn_Template

in the

Templates

drop-down at the top of the page. The User-ID agent in Prisma Access receives its User-ID mapping from the domain controller in the data center by way of the service connection.

Click the gear icon to edit the settings.

Provide a

Collector Name

and a

Collector Pre-Shared Key

to identify Prisma Access as a User-ID agent.

Click

to save your changes.

Configure the on-premises firewall to collect the User-ID mapping from Prisma Access.

From the on-premises firewall, select

Device

Data Redistribution

Agents

Add

a User-ID Agent and give it a

Name

Select

Host and Port

Enter the

User-ID Agent Address

from Prisma Access in the

Host

field.

Enter the

Collector Name

and

Collector Pre-Shared Key

for the Prisma Access collector you created in Step 1.

Select

IP User Mappings

Click

Repeat these steps for each service connection.

Redistribute User-ID Information Between Prisma Access and On-Premises Firewalls

Redistribute User-ID Information From an On-Premises Firewall to Prisma Access

Prisma Access Docs

Redistribute User-ID Information From Prisma Access to an On-Premise Firewall

Prisma Access Docs

Redistribute User-ID Information From Prisma Access to an On-Premise Firewall

Recommended For You

Activation & Onboarding

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner