User-ID IP Mapping is not working with Jumpcloud LDAP

Created On 07/21/21 17:46 PM - Last Modified 06/12/23 13:52 PM


Symptom


User-ID IP mapping is not working with Jumpcloud LDAP

Environment


You may have followed the Jumpcloud KB article to integrate Jumpcloud LDAP with the Palo Alto firewall:
Configuring a Palo Alto Networks Firewall to use JumpCloud's LDAP-as-a-Service


Cause


The Jumpcloud LDAP integration with Palo Alto is used for authentication and feeding group-mapping information.

Jumpcloud cannot be used for User-ID IP mappings, as is the case for any LDAP service. The diagram on the User-ID Overview page shows the relationship between User-ID sources and where they feed into.

User-ID Overview (paloaltonetworks.com)


LDAP is a directory and typically does not contain the necessary information required to generate an IP to User mapping.

When an agent integrates with an Active Directory source, for example, the agent queries security event logs on domain controllers to retrieve this information. Because Jumpcloud is not actually an Active Directory/Windows service and has no other means of sending the information, there is no way to generate an IP mapping.
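
The distinction above, modelled as an added example (not Palo Alto Networks or JumpCloud code): LDAP entries yield group membership only, while an IP-to-user mapping needs logon events that carry a source address. The record fields, sample users, addresses and the 45-minute timeout are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data, not taken from the article.
LDAP_ENTRIES = [  # what a directory returns: identity and groups, no client IP
    {"uid": "alice", "memberOf": ["cn=engineering,ou=Groups,dc=example,dc=com"]},
    {"uid": "bob", "memberOf": ["cn=finance,ou=Groups,dc=example,dc=com"]},
]
LOGON_EVENTS = [  # simplified stand-in for domain controller security log records
    {"time": datetime(2021, 7, 21, 9, 0), "user": "alice", "src_ip": "10.1.1.20"},
    {"time": datetime(2021, 7, 21, 9, 5), "user": "bob", "src_ip": "10.1.1.31"},
    {"time": datetime(2021, 7, 21, 9, 40), "user": "bob", "src_ip": "10.1.1.20"},
    {"time": datetime(2021, 7, 21, 7, 0), "user": "alice", "src_ip": "10.1.1.44"},
]

def group_mapping(entries):
    """User -> group names; the only mapping LDAP data can provide."""
    return {e["uid"]: sorted(dn.split(",")[0].split("=", 1)[1] for dn in e["memberOf"])
            for e in entries}

def ip_user_mapping(events, now, timeout=timedelta(minutes=45)):
    """IP -> user from logon events: newest event per IP wins, stale ones expire."""
    mapping = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if now - ev["time"] <= timeout:  # assumed timeout, see lead-in
            mapping[ev["src_ip"]] = ev["user"]
    return mapping

def resolve(src_ip, ip_map, groups):
    """What a user- or group-based policy lookup needs for one source IP."""
    user = ip_map.get(src_ip)
    if user is None:
        return None  # unknown user: no user- or group-based rule can match
    return user, groups.get(user, [])

NOW = datetime(2021, 7, 21, 9, 45)
GROUPS = group_mapping(LDAP_ENTRIES)
WITH_EVENTS = ip_user_mapping(LOGON_EVENTS, NOW)
LDAP_ONLY = ip_user_mapping([], NOW)  # an LDAP directory supplies no logon events

if __name__ == "__main__":
    for ip in ("10.1.1.20", "10.1.1.31", "10.1.1.44"):
        print(ip, "with events:", resolve(ip, WITH_EVENTS, GROUPS),
              "| LDAP only:", resolve(ip, LDAP_ONLY, GROUPS))
```

With LDAP as the only source, every address resolves to no user even though the group table is fully populated.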


