How to remove the commit warning message, "does not have 'enable-user-identification' turned on for globalprotect gateway"

Created On 12/14/18 22:07 PM - Last Modified 02/08/19 21:25 PM


Objective


Commit warning message:
Warning: Zone '[name]' does not have 'enable-user-identification' turned on for globalprotect gateway '[name]'


Environment


  • GlobalProtect


Procedure


Steps:
  1. From the Web GUI, navigate to Network > Zones.
  2. Select the zone named in the warning. In this case, it is the zone called 'GP-Zone'.
  3. Under the section User Identification ACL, check the Enable User Identification box.
  4. Commit the firewall configuration. Commits should now succeed without the 'enable-user-identification' warning.


Additional Information


The message is a 'Warning' and can be disregarded if GlobalProtect users do not need an IP-user mapping.
With User Identification enabled on the GlobalProtect zone, the firewall creates IP-user mappings for users logged in via GlobalProtect. The mappings can then be used for source-user-based policy and for traffic logging and reporting.

Note: Only enable User-ID on trusted zones.
(https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVPCA0)
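To confirm the procedure above took effect on every zone that triggered the warning, the following added example (not part of the original article or any Palo Alto Networks tooling) extracts zone and gateway names from commit output and checks them against a zone configuration fragment. The gateway names, the second zone, and the XML fragment are constructed, and the layout of the zone entry (an `enable-user-identification` child set to `yes`) is an assumption about the exported configuration.

```python
import re
import xml.etree.ElementTree as ET

# Warning format as quoted in this article.
WARNING_RE = re.compile(
    r"Zone '(?P<zone>[^']+)' does not have 'enable-user-identification' "
    r"turned on for globalprotect gateway '(?P<gateway>[^']+)'"
)

# Constructed sample input: commit output containing two warnings.
COMMIT_OUTPUT = """\
Warning: Zone 'GP-Zone' does not have 'enable-user-identification' turned on for globalprotect gateway 'GP-Gateway'
Warning: Zone 'Guest-VPN' does not have 'enable-user-identification' turned on for globalprotect gateway 'Guest-Gateway'
Configuration committed successfully
"""

# Constructed config fragment (assumed layout): GP-Zone fixed, Guest-VPN not.
CONFIG_XML = """\
<zone>
  <entry name="GP-Zone">
    <network><layer3><member>tunnel.1</member></layer3></network>
    <enable-user-identification>yes</enable-user-identification>
  </entry>
  <entry name="Guest-VPN">
    <network><layer3><member>tunnel.2</member></layer3></network>
  </entry>
</zone>
"""

def warned_zones(commit_output):
    """Map each zone named in a warning to the gateways that reference it."""
    zones = {}
    for m in WARNING_RE.finditer(commit_output):
        zones.setdefault(m["zone"], []).append(m["gateway"])
    return zones

def zones_still_warning(commit_output, config_xml):
    """Return warned zones whose config entry still lacks User-ID set to yes."""
    root = ET.fromstring(config_xml)
    enabled = {
        e.get("name")
        for e in root.iter("entry")
        if (e.findtext("enable-user-identification") or "").strip() == "yes"
    }
    return {z: g for z, g in warned_zones(commit_output).items() if z not in enabled}

if __name__ == "__main__":
    for zone, gateways in zones_still_warning(COMMIT_OUTPUT, CONFIG_XML).items():
        print(f"{zone}: User-ID not enabled (gateways: {', '.join(gateways)})")
```

The script only reports; whether a listed zone should have User-ID enabled still depends on the trusted-zone note above.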


