Firewall fails to map IP address to usernames for GlobalProtect users

Created On 11/03/20 17:45 PM - Last Modified 06/24/25 02:47 AM


Symptom


  • Non-GP Firewall is connected to User-ID agent containing IP-to-user mappings for domain-joined users.
  • Non-domain users connect to GP Gateway Firewall where IP-to-user mappings are created.
  • GP mappings are not visible on non-GP Firewall that is behind the Gateway Firewall.


Environment


  • Palo Alto Firewalls
  • Supported PAN-OS
  • GlobalProtect (GP) Gateway
  • User-ID Redistribution


Cause


User-ID redistribution needs to be configured.



Resolution


  1. The non-GP Firewall can receive GP mappings from the Gateway Firewall using User-ID Redistribution.
  2. Step 4 in the above document shows the Collector settings that need to be configured on the Gateway Firewall.
  3. Step 2 shows adding the Gateway Firewall as a Redistribution agent on the non-GP Firewall so that it receives the mappings.

