Why should I use User-ID firewall rules?

Ricardo Gutierrez
2 min read, Mar 9, 2021


However, for more sensitive applications you can reduce your attack surface by ensuring that only users who need these applications can access them. For example, while IT support personnel may legitimately need access to remote desktop applications, the majority of your users do not.

Logging, reporting, forensics: If a security incident occurs, forensic analysis and reporting based on user information rather than just IP addresses provides a more complete picture of the incident. For example, you can use the pre-defined User/Group Activity report to see a summary of the web activity of individual users or user groups, or the SaaS Application Usage report to see which users are transferring the most data over unsanctioned SaaS applications.

Requirements

To successfully utilize User-ID based access you must configure the following:

User Mapping: You can use the local user database on the firewall, but the caveat is that local users give you only a limited set of features compared with a Windows directory or LDAP server. To get the full feature set you need to map your users from your LDAP server (Windows AD / Cloud LDAP / OpenLDAP). You also have to create an authentication profile. I will show you how to do this in another article.

Group Mapping: You also have to map the groups from your LDAP server (Windows AD / Cloud LDAP / OpenLDAP). In order to map these groups you will need to create an LDAP profile.

Security Zones: You need to enable the User-ID option on each zone on which you want to use this feature; traffic from a zone without User-ID enabled is never associated with a user, so user- or group-based rules cannot match it.
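To make the three requirements concrete, here is an added Python model (not PAN-OS code, and not from the original post) of how user-based rule evaluation depends on them: an IP-to-user table stands in for user mapping, a user-to-groups table for LDAP group mapping, and a per-zone flag for the User-ID option on the zone. The IPs, usernames, groups, zones and rules are all constructed sample values. The model also shows the two points made earlier in the post: a group-scoped rule lets only the it-support group reach remote desktop, and the resulting log can be summarised per user rather than per IP.

```python
from dataclasses import dataclass
from collections import Counter
from typing import Optional

# --- Constructed sample data (stand-ins for what User-ID learns from AD/LDAP) ---

# User mapping: IP address -> authenticated user (what the user-mapping feed supplies).
IP_TO_USER = {
    "10.1.1.25": "corp\\alice",
    "10.1.1.40": "corp\\bob",
}

# Group mapping: user -> directory groups (what the LDAP group-mapping profile supplies).
USER_TO_GROUPS = {
    "corp\\alice": frozenset({"it-support", "staff"}),
    "corp\\bob": frozenset({"staff"}),
}

# Security zones; user_id=False models a zone on which User-ID was never enabled.
ZONES = {
    "trust": {"prefix": "10.1.1.", "user_id": True},
    "guest": {"prefix": "10.9.", "user_id": False},
}


@dataclass(frozen=True)
class Rule:
    name: str
    from_zone: str
    app: str
    groups: frozenset  # empty set = "any" user, i.e. a plain IP/zone rule
    action: str


# Rules are evaluated top-down; first match wins, no match means implicit deny.
RULES = (
    Rule("allow-rdp-helpdesk", "trust", "ms-rdp", frozenset({"it-support"}), "allow"),
    Rule("allow-web", "trust", "web-browsing", frozenset(), "allow"),
    Rule("allow-guest-web", "guest", "web-browsing", frozenset(), "allow"),
)


def zone_of(ip: str) -> Optional[str]:
    """Return the zone whose prefix matches the IP, or None for unknown sources."""
    for name, zone in ZONES.items():
        if ip.startswith(zone["prefix"]):
            return name
    return None


def resolve_user(ip: str) -> Optional[str]:
    """Return the mapped user, or None if the zone has User-ID disabled or no mapping exists."""
    zone = zone_of(ip)
    if zone is None or not ZONES[zone]["user_id"]:
        return None
    return IP_TO_USER.get(ip)


def evaluate(src_ip: str, app: str) -> dict:
    """Match a flow against the rulebase and return a log entry carrying the user identity."""
    zone = zone_of(src_ip)
    user = resolve_user(src_ip)
    groups = USER_TO_GROUPS.get(user, frozenset()) if user else frozenset()
    for rule in RULES:
        if rule.from_zone != zone or rule.app != app:
            continue
        # A group-scoped rule never matches an unknown user: no mapping means no match.
        if rule.groups and not (rule.groups & groups):
            continue
        return {"src": src_ip, "user": user, "app": app, "rule": rule.name, "action": rule.action}
    return {"src": src_ip, "user": user, "app": app, "rule": None, "action": "deny"}


def activity_by_user(log: list) -> dict:
    """Summarise a log by user rather than by IP, the forensic view the post describes."""
    summary = {}
    for entry in log:
        key = entry["user"] or "unknown"
        summary.setdefault(key, Counter())[entry["action"]] += 1
    return {user: dict(counts) for user, counts in summary.items()}


if __name__ == "__main__":
    sample = [
        evaluate("10.1.1.25", "ms-rdp"),        # alice (it-support) -> allow
        evaluate("10.1.1.40", "ms-rdp"),        # bob (staff only)   -> deny
        evaluate("10.1.1.40", "web-browsing"),  # bob -> allow-web
        evaluate("10.9.0.7", "web-browsing"),   # guest zone, no User-ID -> allow, user None
        evaluate("10.9.0.7", "ms-rdp"),         # guest zone -> deny
    ]
    for entry in sample:
        print(entry)
    print(activity_by_user(sample))
```

The unmapped cases are the ones worth noticing: a host in the trust zone with no IP-to-user mapping, or any host in a zone without User-ID enabled, is denied by the group-scoped RDP rule even though an IP-only rule for the same zone would have allowed it, and its log entries land under "unknown" in the per-user summary.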

Disclaimer: The information posted here is informational only. Ricardo Gutierrez won’t be held liable for any mishaps, failures or any other negative outcome. It is the reader’s responsibility to make their own decisions and act on them.

Originally published at https://www.smartcloudcomputing.net on March 9, 2021.
