You can also use an internal gateway with the GP client to do 2FA (depending on PAN-OS and GP client versions).
Also, it can be used for GP client deployments on-net.
But typically it doesn't do anything.
Agree with Reaper. We have a customer that turns off their security event logs on their DCs, which breaks User-ID, so we will be implementing internal gateways and having GP installed on all machines as a workaround!
To me it's more secure anyway!
I have it set up for User-ID. Basically everything in my environment is BYOD, so I have all user devices set up with GP to identify users. It allows my users to roam and be secure outside while not bothering them with Captive Portal while internal.