Nugget Post : Quick USER ID tip for palo alto admins
You’re a Palo Alto firewall administrator, and you’ve setup USER ID to identify all your users and write user-based firewall policies.
Problem: some users have linux laptops and do not login to the domain, others are windows users that the USER ID system simply does not pick up.
1. Create a read only (possibly empty) share on your fileserver
2. Have your linux users write a startup script that just mounts this fileshare, and similarly for windows users, to have every user access the fileshare at least once throughout their day.
3. Install the PaloAlto user agent, and make sure “enable server session read” is enabled
You’re good to go
Any problematic users simply need to visit your share to get identified and be granted/denied access by your user based policies