Securing Remote Access in Palo Alto Networks

By: Tom Piens aka Piens aka 'reaper'

Overview of this book

This book builds on the content found in Mastering Palo Alto Networks, focusing on the different methods of establishing remote connectivity, automating log actions, and protecting against phishing attacks through user credential detection. Complete with step-by-step instructions, practical examples, and troubleshooting tips, you will gain a solid understanding of how to configure and deploy Palo Alto Networks remote access products. As you advance, you will learn how to design, deploy, and troubleshoot large-scale end-to-end user VPNs. Later, you will explore new features and discover how to incorporate them into your environment. By the end of this Palo Alto Networks book, you will have mastered the skills needed to design and configure SASE-compliant remote connectivity and prevent credential theft with credential detection.

Table of Contents (11 chapters)

Section 1: Leveraging the Cloud and Enabling Remote Access
Section 2: Tools, Troubleshooting, and Best Practices

Troubleshooting User-ID

User-ID is the mechanism used to match a user, by their username, to the Internet Protocol (IP) address they are using on their mobile device, laptop, kiosk, or any other device or appliance they may be able to log on to. Additionally, once a person is mapped by their username, their membership in certain groups can be used to allow or block their access to resources.

There are many ways to map users to an IP address and there are many ways mapping may fail or behave unexpectedly. Luckily, troubleshooting is usually a case of deduction.

Users are not being mapped

The first thing we should verify when troubleshooting User-ID issues is that user-to-IP mappings actually exist. We can check for existing mappings with the following command:

reaper@PANgurus> show user ip-user-mapping all
IP  Vsys From User IdleTimeout(s) MaxTimeout(s)
-- ----- ---- ---- -------------- -------------
Total: 0 users
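
The check above can be automated once the command output has been saved to text. The Python below is an added example, not code from the book: it parses `show user ip-user-mapping all` output and lists the IP addresses you expected to be mapped but are not. The sample rows, the `example\` domain, and the function names are constructed for illustration, and only IPv4 rows are handled.

```python
import re

# Constructed sample output for illustration (not captured from a real firewall).
SAMPLE_OUTPUT = """\
IP              Vsys   From    User                  IdleTimeout(s) MaxTimeout(s)
--------------- ------ ------- --------------------- -------------- -------------
10.0.0.15       vsys1  AD      example\\alice         2576           2576
10.0.0.22       vsys1  GP      example\\bob           1432           2209
Total: 2 users
"""

# The empty result shown on this page: header, separator, and a zero total.
EMPTY_OUTPUT = """\
IP  Vsys From User IdleTimeout(s) MaxTimeout(s)
-- ----- ---- ---- -------------- -------------
Total: 0 users
"""

# Data rows start with an IPv4 address; header and separator lines do not match.
ROW = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+(\S+)\s+(.+?)\s+(\S+)\s+(\S+)\s*$"
)
TOTAL = re.compile(r"^Total:\s*(\d+)\s+users")


def parse_mappings(text):
    """Return (mappings keyed by IP, total reported in the 'Total:' line)."""
    mappings, total = {}, None
    for line in text.splitlines():
        m = TOTAL.match(line)
        if m:
            total = int(m.group(1))
            continue
        m = ROW.match(line)
        if m:
            ip, vsys, source, user, idle, max_t = m.groups()
            mappings[ip] = {"vsys": vsys, "from": source, "user": user,
                            "idle": idle, "max": max_t}
    return mappings, total


def unmapped(text, expected_ips):
    """Return the expected IPs that have no user mapping in the output."""
    mappings, total = parse_mappings(text)
    # A mismatch means rows were skipped (e.g. an unexpected format): fail loudly.
    if total is not None and total != len(mappings):
        raise ValueError(f"parsed {len(mappings)} rows, output reports {total}")
    return sorted(ip for ip in expected_ips if ip not in mappings)
```
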

There are several reasons why mapping may...