https://live.paloaltonetworks.com/t5/general-topics/user-id-limitations-for-distribution/m-p/474523#M103377 <P>Hi folks !</P><P>&nbsp;</P><P>Would like your advice on a specific issue about user-id limitations :&nbsp;</P><P>One of our customer is using one central firewall to redistribute user-id mapping to more than 100 devices, and has issues about user-id process crashing on the central fw.</P><P>As far as i understood limitations on user-id redistribution, there is a limit of 100 redistribution points <STRONG>beneath each firewall, </STRONG>which is not the case, as this central fw is retrieving infos from 2 user-id agents only. It just spreads these infos to more than one hundred devices. Each remote device only has like 3 layers beneath it.</P><P>So, is this normal behavior, or is there a trick here to make it work ?</P><P>&nbsp;</P><P>Subsidiary question, the windows user-id agent sometimes generates more than 150gb of traffic in a day (1gb maximum in normal times), if anyone has an idea <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P><P>&nbsp;</P><P>Thx !</P><P>&nbsp;</P> Mon, 21 Mar 2022 06:42:11 GMT ssavariau 2022-03-21T06:42:11Z https://live.paloaltonetworks.com/t5/general-topics/user-id-limitations-for-distribution/m-p/474523#M103377 <P>Hi folks !</P><P>&nbsp;</P><P>Would like your advice on a specific issue about user-id limitations :&nbsp;</P><P>One of our customer is using one central firewall to redistribute user-id mapping to more than 100 devices, and has issues about user-id process crashing on the central fw.</P><P>As far as i understood limitations on user-id redistribution, there is a limit of 100 redistribution points <STRONG>beneath each firewall, </STRONG>which is not the case, as this central fw is retrieving infos from 2 user-id agents only. It just spreads these infos to more than one hundred devices. Each remote device only has like 3 layers beneath it.</P><P>So, is this normal behavior, or is there a trick here to make it work ?</P><P>&nbsp;</P><P>Subsidiary question, the windows user-id agent sometimes generates more than 150gb of traffic in a day (1gb maximum in normal times), if anyone has an idea <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P><P>&nbsp;</P><P>Thx !</P><P>&nbsp;</P> Mon, 21 Mar 2022 06:42:11 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-limitations-for-distribution/m-p/474523#M103377 ssavariau 2022-03-21T06:42:11Z https://live.paloaltonetworks.com/t5/general-topics/user-id-limitations-for-distribution/m-p/475445#M103462 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/201291">@ssavariau</a> ,</P> <P>&nbsp;</P> <P>What hardware are you running and what PAN-OS version ?</P> <P>Have you checked the firewall logs for a root cause of the UID crashing ? Are there any core-files that can be analyzed ?</P> <P>&nbsp;</P> <P>Cheers,</P> <P>-Kiwi.</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Thu, 24 Mar 2022 09:05:48 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-limitations-for-distribution/m-p/475445#M103462 kiwi 2022-03-24T09:05:48Z https://live.paloaltonetworks.com/t5/general-topics/user-id-limitations-for-distribution/m-p/475466#M103467 <P>Hi Kiwi,</P><P>Firewalls are a 3220 for the hub, and 220s for spoke, running on PAN-OS 9.0.0</P><P>On the hub, distributord process was shown as running, but we still had to run CLI command&nbsp;"debug software restart process distributord" to make it functional again. At the time of this crash, an investigation was done, and that was the immediate solution found to correct it.</P><P>If we cannot spread user-id mapping to more than 100 devices from only one, we'll need to take a more hierarchical approach i think ?</P><P>Thx for your time !</P><P>&nbsp;</P><P>Cheers</P> Thu, 24 Mar 2022 09:35:50 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-limitations-for-distribution/m-p/475466#M103467 ssavariau 2022-03-24T09:35:50Z https://live.paloaltonetworks.com/t5/general-topics/user-id-limitations-for-distribution/m-p/475676#M103482 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/201291">@ssavariau</a>,</P><P>9.0 just went end of life at the beginning of this month, so you'll need to get these to 9.1 or higher sooner rather than later. If you choose to open a chase on the issue, they'll tell you to upgrade before continuing to troubleshoot I'm sure so be aware of that. If you upgrade to a supported release and run into the issue again, then you can open a TAC case and have them identify root cause on why the process locked up, it could easily be some bug in the process you're running into.&nbsp;</P> Fri, 25 Mar 2022 00:49:50 GMT https://live.paloaltonetworks.com/t5/general-topics/user-id-limitations-for-distribution/m-p/475676#M103482 BPry 2022-03-25T00:49:50Z