Logs from the FreeIPA server can be used with the Syslog receiver function of a PAN NGFW to send username to IP address mappings into User-ID and in turn be used to create policies based on the users identity. To extract the data from the logs you will need the parser shown below.

I could only find a log that matched up with a login (nothing for a logout) and it’s worth a mention that you may need to exclude some servers (like mail servers and file servers) from User-ID as you will see multiple logins from multiple users over a very short period of time.

VN:F [1.9.22_1171]
Thumbs up if this article helped you 🙂
Rating: +1 (from 1 vote)
FreeIPA to Palo Alto Networks Next Generation Firewall User-ID, 100% based on 1 rating

Leave a Reply

Your email address will not be published. Required fields are marked *