Palo Alto Networks Knowledgebase: User-ID Agent Access Control List
Created On 09/25/18 19:25 PM - Last Updated 02/08/19 00:01 AM
The User-ID Agent Access Control List is located under User Identification > Setup > Access Control list in the Palo Alto Networks User-ID Agent running on the Windows server.
The Access Control List specifies which Palo Alto Networks firewalls are allowed to connect to the User-ID agent. It also restricts unauthorized access to the agent from IP addresses that do not belong to a Palo Alto Networks device. Access is controlled with allow and/or deny ACL entries, each tied to a source IP address range. The ACL entries are processed from top to bottom, just like a security policy on a firewall.
Click "Add" to open the entry window. The example entry uses the IP address range format for a single IP address.
In the following example:
The firewall with IP address of 188.8.131.52 can access the User-ID Agent.
The firewall with IP address of 184.108.40.206 can access the User-ID Agent.
All other private IP addresses (RFC1918) are not allowed to contact the User-ID Agent.
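The top-to-bottom processing described above means the allow entries for the firewalls must sit above the deny entries for the RFC1918 ranges. The following sketch is an added example, not Palo Alto Networks code: it models first-match evaluation and flags entries that an earlier entry makes unreachable. The firewall addresses 10.0.0.1 and 10.0.0.2 are constructed, and the outcome for a source that matches no entry is not stated on this page, so it is passed in as a parameter.

```python
import ipaddress
from typing import NamedTuple

class Entry(NamedTuple):
    action: str  # "allow" or "deny"
    first: str   # start of the source IP range
    last: str    # end of the range (same as first for a single address)

def _bounds(entry):
    return ipaddress.ip_address(entry.first), ipaddress.ip_address(entry.last)

def evaluate(acl, source, default):
    """First-match evaluation, top to bottom. Returns (action, entry index or None)."""
    ip = ipaddress.ip_address(source)
    for index, entry in enumerate(acl):
        low, high = _bounds(entry)
        if low <= ip <= high:
            return entry.action, index
    return default, None  # assumption: the caller supplies the no-match outcome

def shadowed(acl):
    """Return (entry, covering entry) index pairs where one earlier entry fully
    covers a later one, so the later entry can never be reached."""
    pairs = []
    for i, entry in enumerate(acl):
        low, high = _bounds(entry)
        for j in range(i):
            prev_low, prev_high = _bounds(acl[j])
            if prev_low <= low and high <= prev_high:
                pairs.append((i, j))
                break
    return pairs

# Constructed sample data: two firewall addresses inside RFC1918 space.
FIREWALLS = [Entry("allow", "10.0.0.1", "10.0.0.1"),
             Entry("allow", "10.0.0.2", "10.0.0.2")]
RFC1918 = [Entry("deny", "10.0.0.0", "10.255.255.255"),
           Entry("deny", "172.16.0.0", "172.31.255.255"),
           Entry("deny", "192.168.0.0", "192.168.255.255")]
ACL = FIREWALLS + RFC1918          # allow entries first: firewalls connect
MISORDERED = RFC1918 + FIREWALLS   # deny entries first: firewalls are blocked

if __name__ == "__main__":
    for name, acl in (("ACL", ACL), ("MISORDERED", MISORDERED)):
        print(name, evaluate(acl, "10.0.0.1", "deny"), "shadowed:", shadowed(acl))
```

An empty result from `shadowed()` on the list as entered in the agent is a quick check that no allow entry has ended up below a deny range that covers it.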