How to add an IP User Mapping on the Palo Alto Firewall using Command Line

How to add an IP User Mapping on the Palo Alto Firewall using Command Line

12289
Created On 07/05/19 04:26 AM - Last Modified 12/11/20 17:49 PM


Objective


  • Add an IP User Mapping on the Palo Alto Firewall.
  • This task can be accomplished by using the command line.
  • This feature can be used for a quick test without the need to actually setup User-id

Environment


  • Palo Alto Networks Firewall

Procedure


  1. To add an IP User mapping on the Palo Alto Firewall, the following command can be used :-
> set user-id data '<uid-message><version>2.0</version><vsys>vsys1</vsys><type>update</type><payload><login><entry name="domain\uid1"ip="10.1.1.2"timeout="20"/></login></payload></uid-message>'
  1. This command would add an ip-user-mapping as follows :-
admin@FW> show user ip-user-mapping all

IP                                            Vsys   From    User                             IdleTimeout(s) MaxTimeout(s)
--------------------------------------------- ------ ------- -------------------------------- -------------- -------------
10.1.1.2                                      vsys1  XMLAPI  domain\uid1                      1191           1191         
Total: 1 users
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMHgCAO&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language