topic traffic log did not display user information in Next-Generation Firewall Discussions

traffic log did not display user information

Felixcao — Fri, 12 Jul 2024 04:06:31 GMT

The customer uses GP to dial in and adopts LDAP authentication method.
After the customer dialed in normally, they accessed internal resources, but the source user colums in the traffic log did not display user information, which was normal before. The customer did not make any other changes, and the user id in the area was also checked.
How to investigate and what suggestions do you have。

or ：debug software restart process user-id ？

Re: traffic log did not display user information

reaper — Fri, 12 Jul 2024 09:55:49 GMT

typically there's 2 reasons this could happen:

- The zone that is used for the GP gateway tunnel interface does not have user-id enabled

- userid agent (or agentless) does not have an exclude for the GlobalProtect IP pool and is trying to refresh mapping from AD logs (which may or may not be there dependiong on what the user is doing). add an exclude for the IP pool should fix this issue

Re: traffic log did not display user information

Felixcao — Sun, 14 Jul 2024 10:51:18 GMT

hi cyber elite:

thanks you reply

typically there's 2 reasons this could happen:

- The zone that is used for the GP gateway tunnel interface does not have user-id enabled

i confirm the zone that is used for the GP gateway tunnel interface have user-id enabled

i don't understant it ,how to exclude for the ip pool fix this issue. ?

Re: traffic log did not display user information

reaper — Thu, 18 Jul 2024 08:29:06 GMT

the exclude will help prevent conflicts

GlobalProtect automatically teaches the firewall all the correct user-ids.

adding another user-id method for that subnet can only introduce complications