Redistribute User-ID Information From an On-Premises Firewall to Prisma Access

This topic shows the steps you use to redistribute User-ID information from an on-premises firewall to Prisma Access.
In cases where users are at a branch location or HQ that is secured by an on-premises next-generation firewall with user-based policies, and they need to access resources at another branch location that you have secured with Prisma Access, you must redistribute User-ID mappings from the on-premises firewall to Prisma Access.
The following figure shows an HQ/Data center with an on-premises next-generation firewall with existing IP address-to-username mapping. Prisma Access connects to the firewall with a service connection, and the on-premises firewall redistributes the mapping to Prisma Access.
To redistribute User-ID mappings from an on-premises firewall to Prisma Access, complete the following steps.
  1. Configure the on-premises firewall to redistribute User-ID information to Prisma Access.
    1. From the on-premises firewall, select Device > Data Redistribution > Collector Settings.
    2. Click the gear icon to edit the settings.
    3. Provide a Collector Name and a Collector Pre-Shared Key to identify the on-premises firewall as a User-ID agent.
    4. Click OK to save your changes.
  2. Configure Prisma Access to collect the User-ID mapping from the on-premises firewall.
    1. From the Panorama that manages Prisma Access, select Device > Data Redistribution > Agents.
       Make sure that you have selected the Remote_Network_Template in the Templates drop-down at the top of the page.
    2. Add a User-ID Agent and give it a Name.
    3. Select Host and Port.
    4. Enter the IP address of the MGT interface or service route that the firewall uses to send user mappings in the Host field.
       For the MGT interface, you can enter a hostname instead of the IP address.
    5. Enter the Collector Name and Collector Pre-Shared Key, using the values for the collector you used for the on-premises firewall in Step 1.
    6. Select IP User Mappings.
    7. Click OK.
