<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Security policies did not take effect after Sleep Mode in General Topics</title>
    <link>https://live.paloaltonetworks.com/t5/general-topics/security-policies-did-not-take-effect-after-sleep-mode/m-p/32469#M23795</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hello,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;One good test to check whether the PA loses the IP-user mapping upon switching the laptop to sleep mode (which is the reason why the user does not hit the policy created for him), we could check the IP-user mapping table on the PA using the command:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&amp;gt;&amp;gt;show user ip-user-mapping all&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;That will give us a better indication of how to avoid that.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I would understand why a log off and log on would reinstate the mapping, considering the fact that the PA will look at the event logs of the DC to track LOG ON success events to enumerate user-to-IP mapping.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Wed, 03 Jul 2013 16:51:43 GMT</pubDate>
    <dc:creator>Chatri</dc:creator>
    <dc:date>2013-07-03T16:51:43Z</dc:date>
    <item>
      <title>Security policies did not take effect after Sleep Mode</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/security-policies-did-not-take-effect-after-sleep-mode/m-p/32468#M23794</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Just like to find out if there is a known issue with Palo Alto and Windows 8 for direct internet policy. Currently, we have defined a policy in PA to allow AD user to connect to internet. However, based on my observation, once my notebook goes to sleep mode, then wakes up, and I log in, the policy doesn’t seem to take effect. To gain direct internet access, what I need to do is to log off then log in again.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks,&lt;/P&gt;&lt;P&gt;Xer&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 03 Jul 2013 16:35:42 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/security-policies-did-not-take-effect-after-sleep-mode/m-p/32468#M23794</guid>
      <dc:creator>mbs.admin</dc:creator>
      <dc:date>2013-07-03T16:35:42Z</dc:date>
    </item>
    <item>
      <title>Re: Security policies did not take effect after Sleep Mode</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/security-policies-did-not-take-effect-after-sleep-mode/m-p/32469#M23795</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hello,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;One good test to check whether the PA loses the IP-user mapping upon switching the laptop to sleep mode (which is the reason why the user does not hit the policy created for him), we could check the IP-user mapping table on the PA using the command:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&amp;gt;&amp;gt;show user ip-user-mapping all&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;That will give us a better indication of how to avoid that.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I would understand why a log off and log on would reinstate the mapping, considering the fact that the PA will look at the event logs of the DC to track LOG ON success events to enumerate user-to-IP mapping.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 03 Jul 2013 16:51:43 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/security-policies-did-not-take-effect-after-sleep-mode/m-p/32469#M23795</guid>
      <dc:creator>Chatri</dc:creator>
      <dc:date>2013-07-03T16:51:43Z</dc:date>
    </item>
    <item>
      <title>Re: Security policies did not take effect after Sleep Mode</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/security-policies-did-not-take-effect-after-sleep-mode/m-p/32470#M23796</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi Chatri,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks for the reply.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I'm just wondering why PA lost the ip-user-mapping considering that the user didn't log off? Isn't it a bug in PA?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 03 Jul 2013 17:14:21 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/security-policies-did-not-take-effect-after-sleep-mode/m-p/32470#M23796</guid>
      <dc:creator>mbs.admin</dc:creator>
      <dc:date>2013-07-03T17:14:21Z</dc:date>
    </item>
    <item>
      <title>Re: Security policies did not take effect after Sleep Mode</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/security-policies-did-not-take-effect-after-sleep-mode/m-p/32471#M23797</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi Xer,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The Palo Alto will not know if the device is in sleep mode or not.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The Palo Alto will only look at four event IDs in the security logs of the domain controller to get the mappings (all four event IDs correspond to log on events, the PA does not see the log off events).&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;But yes, having said that, when the PC is turned on from the sleep mode the DC should record an event of the user getting logged on and the PA should get the mapping back.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;It won't be a bad idea to open up a TAC case to see what exactly is causing the mapping to be lost.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I hope that is helpful.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 03 Jul 2013 17:21:50 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/security-policies-did-not-take-effect-after-sleep-mode/m-p/32471#M23797</guid>
      <dc:creator>Chatri</dc:creator>
      <dc:date>2013-07-03T17:21:50Z</dc:date>
    </item>
    <item>
      <title>Re: Security policies did not take effect after Sleep Mode</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/security-policies-did-not-take-effect-after-sleep-mode/m-p/32472#M23798</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi Chatri,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks for the support. But after further investigation, we think the problem is the communication of PANAgent to Palo Alto Firewall. The connection is intermittent and if we issue a ping command, the connection is stable. I attached the screenshot I got from the system log. Every 2 to 10 minutes the agent gets disconnected. Have you encountered this before?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks.&lt;/P&gt;&lt;P&gt;&lt;IMG alt="PANAgent.jpg" class="jive-image-thumbnail jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/7214_PANAgent.jpg" width="450" /&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 08 Jul 2013 04:27:49 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/security-policies-did-not-take-effect-after-sleep-mode/m-p/32472#M23798</guid>
      <dc:creator>mbs.admin</dc:creator>
      <dc:date>2013-07-08T04:27:49Z</dc:date>
    </item>
  </channel>
</rss>

