Palo Alto Networks Knowledgebase: User-ID Agent Access Control List

Created On 09/25/18 19:25 PM - Last Updated 02/08/19 00:01 AM
User-ID
Resolution

Details

The User-ID Agent Access Control List is located under User Identification > Setup > Access Control list in the Palo Alto Networks User-ID Agent running on the Windows server.

 

The Access Control List specifies which Palo Alto Networks firewalls can connect to the User-ID agent. It also restricts unauthorized access to the agent from IP addresses that do not belong to Palo Alto Networks devices. Access is controlled with allow and/or deny ACLs tied to a source IP address range. The ACLs are processed from top to bottom, just like a security policy on a firewall.

[Screenshot: Done_ACL.PNG]

 

Click "Add" to open the entry window. The following example shows an entry in IP address range format that covers a single IP address.

[Screenshot: UserIDAgentACL1.PNG]

 

In the following example:

  • The firewall with IP address of 172.0.0.10 can access the User-ID Agent.
  • The firewall with IP address of 172.0.200.10 can access the User-ID Agent.
  • All other private IP addresses (RFC1918) are not allowed to contact the User-ID Agent.

[Screenshot: UserIDAgentACL2.PNG]
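The top-to-bottom processing described above, modeled as an added example (this is not Palo Alto Networks code). It assumes first-match evaluation and a constructed `(action, first IP, last IP)` list for the example's entries; `evaluate` and `shadowed_entries` are hypothetical helper names. The second helper flags entries that earlier entries make unreachable, which is the usual ordering mistake in this kind of list.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.ip_address(text))

# Constructed model of the example ACL, listed top to bottom.
# The deny entries are the three RFC 1918 blocks. Note that 172.0.0.10 and
# 172.0.200.10 lie outside 172.16.0.0/12, so no deny entry here covers them.
EXAMPLE_ACL = [
    ("allow", "172.0.0.10", "172.0.0.10"),
    ("allow", "172.0.200.10", "172.0.200.10"),
    ("deny", "10.0.0.0", "10.255.255.255"),
    ("deny", "172.16.0.0", "172.31.255.255"),
    ("deny", "192.168.0.0", "192.168.255.255"),
]

# Constructed counter-example: a broad deny placed above a specific allow.
MISORDERED_ACL = [
    ("deny", "10.0.0.0", "10.255.255.255"),
    ("allow", "10.1.1.5", "10.1.1.5"),
]

def evaluate(acl, source):
    """Return (action, entry index) for the first entry matching source."""
    src = _ip(source)
    for index, (action, first, last) in enumerate(acl):
        if _ip(first) <= src <= _ip(last):
            return action, index
    # The page does not say how the agent treats a source that matches no
    # entry, so that case is reported rather than guessed.
    return "no-match", None

def shadowed_entries(acl):
    """Indices of entries whose whole range is matched by earlier entries."""
    result = []
    for index, (_, first, last) in enumerate(acl):
        lo, hi = _ip(first), _ip(last)
        earlier = sorted((_ip(f), _ip(l)) for _, f, l in acl[:index])
        # Walk earlier ranges in address order, moving lo past covered space.
        for e_lo, e_hi in earlier:
            if e_lo <= lo <= e_hi:
                lo = e_hi + 1
        if lo > hi:
            result.append(index)
    return result

if __name__ == "__main__":
    for src in ("172.0.0.10", "192.168.1.20", "203.0.113.7", "10.1.1.5"):
        print(src, evaluate(EXAMPLE_ACL, src))
    print("unreachable entries:", shadowed_entries(MISORDERED_ACL))
```

Running `shadowed_entries` over a proposed list before entering it in the agent shows whether any allow entry sits below a deny range that already covers it.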

 

owner: shasnain


