How to remove the commit warning message, "does not have 'enable-user-identification' turned on for globalprotect gateway"
Screenshot of the error message:
Warning: Zone '[name]' does not have 'enable-user-identification' turned on for globalprotect gateway '[name]'
- From the Web GUI, navigate to Network > Zones
- Select the zone which the error is presenting the warning. In this case, it is the zone called 'GP-Zone'
- Under the section User Identification ACL, check the Enable User Identification box.
- Commit the firewall configuration. Successful commits should now be going through without the 'enable-user-identification' warning
The message is a 'Warning' and can be disregarded if Global Protect users do not need a ip-user-mapping.
By enabling the user-identification feature on the Global Protect zone, the firewall will do ip-user-mappings for logged in users via Global Protect. The mappings can then be used for source user based policy and traffic logging and reporting.
Note: Only enable User-ID on trusted zones.