Some applications do not send the public client IP address using the standard RADIUS attribute Calling-Station-Id. This might cause the public client IP not to show up in Authentication Logs.
One of these applications is Palo Alto, which uses a new RADIUS attribute containing the client IP address - PaloAlto-Client-Source-IP.
The PaloAlto-Client-Source-IP attribute was introduced in PAN-OS v7. So, this solution only works for SSL VPN devices from Palo Alto Networks that run on PAN-OS version 7.0.1 or higher.
How to enable the public client IP for Palo Alto?
To enable the client IP attribute PaloAlto-Client-Source-IP:
Access the administration shell of the PA device:
set authentication radius-vsa-on client-source-ip
Edit the rublonauthproxy/config/config.json file and change client_ip_attr to paloalto.
Restart the Rublon Authentication Proxy service for the changes to take effect.
Palo Alto should now send the public client IP address properly. Rublon will display it in Authentication Logs.
Helpful Links
Why does the public client IP not show up in Authentication Logs?
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article