https://live.paloaltonetworks.com/t5/general-topics/userid-exclude-not-working/m-p/28086#M20499 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I have a problem where the 'User ID Exclude List' setting within the Zone setup on a Palo is not working.</P><P></P><P>I have set my UserID agents to collect events from all IP addresses, then want to filter them on the PA itself as this seems the most logical sequence.&nbsp; I initially only added the objects to the 'Include' list that I wanted to collect ID's from (Desktops) but it still pulled back user ID's from the servers, so I added specifi objects to the 'Exclude' section.&nbsp; This too failed.&nbsp; I have tried multiple combinations of include/excludes, using PA objects and direct IP subnets, and all fail - if the data is on the UserID agent cache, it is pulled into the firewall.</P><P></P><P>Has anyone else seen this? Am I misunderstanding this feature - even though the Help section is explicit in saying this is what it's for?</P><P></P><P>Cheers</P></BODY></HTML> Wed, 07 Mar 2012 21:58:02 GMT apackard 2012-03-07T21:58:02Z https://live.paloaltonetworks.com/t5/general-topics/userid-exclude-not-working/m-p/28086#M20499 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I have a problem where the 'User ID Exclude List' setting within the Zone setup on a Palo is not working.</P><P></P><P>I have set my UserID agents to collect events from all IP addresses, then want to filter them on the PA itself as this seems the most logical sequence.&nbsp; I initially only added the objects to the 'Include' list that I wanted to collect ID's from (Desktops) but it still pulled back user ID's from the servers, so I added specifi objects to the 'Exclude' section.&nbsp; This too failed.&nbsp; I have tried multiple combinations of include/excludes, using PA objects and direct IP subnets, and all fail - if the data is on the UserID agent cache, it is pulled into the firewall.</P><P></P><P>Has anyone else seen this? Am I misunderstanding this feature - even though the Help section is explicit in saying this is what it's for?</P><P></P><P>Cheers</P></BODY></HTML> Wed, 07 Mar 2012 21:58:02 GMT https://live.paloaltonetworks.com/t5/general-topics/userid-exclude-not-working/m-p/28086#M20499 apackard 2012-03-07T21:58:02Z https://live.paloaltonetworks.com/t5/general-topics/userid-exclude-not-working/m-p/28087#M20500 <HTML><HEAD></HEAD><BODY><P>Hi...After you enter the IPs into the Exclude List, did you commit for the change to take effect?&nbsp; Also, you may want to clear the user cache via the CLI.</P><P></P><P>admin@PA-2050&gt; clear user-cache<BR />&gt; all&nbsp;&nbsp; Clear all ip to user cache in data plane<BR />&gt; ip&nbsp;&nbsp;&nbsp; Clear the specified ip to user cache in data plane</P><P></P><P>Thanks.</P></BODY></HTML> Wed, 07 Mar 2012 22:15:56 GMT https://live.paloaltonetworks.com/t5/general-topics/userid-exclude-not-working/m-p/28087#M20500 rmonvon 2012-03-07T22:15:56Z https://live.paloaltonetworks.com/t5/general-topics/userid-exclude-not-working/m-p/28088#M20501 <HTML><HEAD></HEAD><BODY><P>Thanks for the reply.</P><P></P><P>Yes, change committed on the Palo, user cache cleared via the CLI and Palo agents restarted for good measure.</P><P></P><P>None of the above stop IP addresses that are either explicitly excluded, nor implicity excluded, from being registered with the PA.</P><P></P><P><img id="smileysad" class="emoticon emoticon-smileysad" src="https://live.paloaltonetworks.com/i/smilies/16x16_smiley-sad.png" alt="Smiley Sad" title="Smiley Sad" /></P></BODY></HTML> Wed, 07 Mar 2012 22:37:27 GMT https://live.paloaltonetworks.com/t5/general-topics/userid-exclude-not-working/m-p/28088#M20501 apackard 2012-03-07T22:37:27Z https://live.paloaltonetworks.com/t5/general-topics/userid-exclude-not-working/m-p/28089#M20502 <HTML><HEAD></HEAD><BODY><P>Please open a case with support to have it reviewed in more details.&nbsp; Thanks.</P></BODY></HTML> Fri, 09 Mar 2012 00:01:24 GMT https://live.paloaltonetworks.com/t5/general-topics/userid-exclude-not-working/m-p/28089#M20502 rmonvon 2012-03-09T00:01:24Z