IP-user mapping is not seen on Firewall when the user is connected to internal gateway

Created On 10/20/23 22:14 PM - Last Modified 12/06/23 16:05 PM


Symptom


  • The GlobalProtect application shows it is connected to the internal gateway
  • The IP-user mapping for the user (show user ip-user-mapping all) is not seen on the firewall


Environment


  • Palo Alto Firewalls
  • PAN-OS 9.1 and above
  • GlobalProtect (GP) Internal Gateway
  • IP User Mapping
  • GlobalProtect App


Cause


  • The firewall has the IP-user mapping only when the user is authenticated to the internal gateway
  • The GP application displaying "Connected-Internal" status does not mean the user is authenticated


Resolution


  1. Verify that the GlobalProtect application is actually connected and authenticated to the internal gateway. Details are below.
  2. In GlobalProtect app versions below 6.0.x, the authenticated internal gateway information is available under the Connection tab. Make sure Authenticated is "Yes".
  3. From GlobalProtect app version 6.0.x and above, the gateway information has been moved under Host Information Profile:
    • Click on Host Information Profile
    • On the right side, click on More Details
    • Last Checking time provides the authenticated time
  4. If the user is not authenticated to the internal gateway, troubleshoot why the connection and the authentication are failing.
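One way to run the firewall-side check across several endpoints, as an added example that is not part of the original article: the script parses saved output of show user ip-user-mapping all and reports which client IPs have no GlobalProtect-sourced mapping. The sample output, its column layout, the "GP" source label and the IP addresses are constructed assumptions; only IPv4 rows are handled.

```python
import re

# Constructed sample of saved `show user ip-user-mapping all` output.
# Assumption: the column layout and the "GP" source label match your PAN-OS release.
SAMPLE_OUTPUT = """\
IP              Vsys   From    User                   IdleTimeout(s) MaxTimeout(s)
--------------- ------ ------- ---------------------- -------------- -------------
10.1.20.15      vsys1  GP      example\\alice          10500          10500
10.1.20.16      vsys1  AD      example\\bob            2400           2400
Total: 2 users
"""

# A data row starts with an IPv4 address, then vsys, source ("From") and user.
ROW = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<vsys>\S+)\s+(?P<source>\S+)\s+(?P<user>\S+)"
)


def parse_mappings(cli_output):
    """Return {ip: (source, user)} for each IPv4 row; header and total lines are skipped."""
    mappings = {}
    for line in cli_output.splitlines():
        match = ROW.match(line.strip())
        if match:
            mappings[match["ip"]] = (match["source"], match["user"])
    return mappings


def audit_clients(cli_output, client_ips, gp_source="GP"):
    """Classify each client IP whose app reports an internal connection."""
    mappings = parse_mappings(cli_output)
    report = {}
    for ip in client_ips:
        if ip not in mappings:
            # No mapping at all: the user has not authenticated to the gateway.
            report[ip] = "missing"
        elif mappings[ip][0] != gp_source:
            # A mapping exists but was learned from another User-ID source.
            report[ip] = "other-source:" + mappings[ip][0]
        else:
            report[ip] = "ok"
    return report


if __name__ == "__main__":
    clients = ["10.1.20.15", "10.1.20.16", "10.1.20.17"]  # constructed addresses
    for ip, status in audit_clients(SAMPLE_OUTPUT, clients).items():
        print(ip, status)
```

An IP reported as "missing" corresponds to the case in this article: the app may show an internal connection, but the firewall has no mapping because the user never authenticated to the internal gateway.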
 
 

