Hello Experts,
Some background:
We are running Windows 7 and 7 SP1 mix (one or 2 XP machines as well) integrated with a single AD forest/domain - all standard stuff.
However, we have a new Palo Alto firewall and are trying to integrate this with some user-based rulesets - bottom line here is that we cannot use the built-in PANid to retrieve the user details from AD (BW intensive), so we need to use something else as apparently it does not support Kerberos. The only other options are NTLMv2 or an agent (not keen on the last option).
So the question is: How can we force a user to establish an NTLMv2 'session' with the firewall? We're not sure how long the session will be cached for (on the PA), so we could be looking at a logon script, or a scheduled task we could deploy.
Sorry there's not much detail, I don't have much experience with NTLMv2. One last point: if anyone knows, would any potential solution also work on a server?
Thanks in advance - happy to expand if needed.