https://live.paloaltonetworks.com/t5/general-topics/re-user-id-agent-issues/m-p/241152#M69084 <BLOCKQUOTE><HR /><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/91991">@Sanssj</a>&nbsp;wrote:<BR /><P>&nbsp;</P><P>&nbsp;</P><P>We are using&nbsp; windows user-id agent for parsing the user and user group mapping info. often i see in the logs that the user is being not recognized and hitting the deny rule.&nbsp; after couple of minutes it starts recognizing the user and allows the traffic</P><P>&nbsp;</P><P>...<BR />&nbsp;</P><HR /></BLOCKQUOTE><P>I can come up with at least 3 different reasons as to why this could be happening from my own experience, but that might not be the case for you.&nbsp; Can you elaborate&nbsp;on your auth set up more?&nbsp; Have you tried looking into the aging timers and comparing that to the users that are having issues?</P> Mon, 26 Nov 2018 13:48:43 GMT Brandon_Wertz 2018-11-26T13:48:43Z https://live.paloaltonetworks.com/t5/general-topics/re-user-id-agent-issues/m-p/241083#M69061 <P>&nbsp;</P><P>&nbsp;</P><P>We are using&nbsp; windows user-id agent for parsing the user and user group mapping info. often i see in the logs that the user is being not recognized and hitting the deny rule.&nbsp; after couple of minutes it starts recognizing the user and allows the traffic i am skeptical what could be the reason for this disparity.&nbsp; why would any user info and user group mapping info go stale.&nbsp;<BR /><BR /><BR />on a different note given the limitation of 10000 user group limitation on PAN&nbsp;what would be best go to approach to overcome this shortage.<BR /><BR />Thanks&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 25 Nov 2018 07:28:26 GMT https://live.paloaltonetworks.com/t5/general-topics/re-user-id-agent-issues/m-p/241083#M69061 Sanssj 2018-11-25T07:28:26Z https://live.paloaltonetworks.com/t5/general-topics/re-user-id-agent-issues/m-p/241092#M69063 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/91991">@Sanssj</a>,</P><P>It really depends on how often you have the user-id agent reading the logs, and how often you have the firewall polling your user-id agent. Multiple things to look at here depending on how/when exactly you are running into the issue. Could be anything from the user-id being aged out on the firewall, to logging events not being generated due to where you are pulling the information and your users are just constantly using cached credentials.&nbsp;</P><P>As for the 10,000 user group limitation, when exactly do you think you'll actually have to deal with this limitation? Most companies really don't have to deal with this and don't utilize 10,000 groups in their security policies. If you do, then you break it out to the groups that would actively be utilized on that particular firewall. I've never seen a deployment that couldn't work around the limitations.&nbsp;</P> Sun, 25 Nov 2018 16:58:37 GMT https://live.paloaltonetworks.com/t5/general-topics/re-user-id-agent-issues/m-p/241092#M69063 BPry 2018-11-25T16:58:37Z https://live.paloaltonetworks.com/t5/general-topics/re-user-id-agent-issues/m-p/241152#M69084 <BLOCKQUOTE><HR /><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/91991">@Sanssj</a>&nbsp;wrote:<BR /><P>&nbsp;</P><P>&nbsp;</P><P>We are using&nbsp; windows user-id agent for parsing the user and user group mapping info. often i see in the logs that the user is being not recognized and hitting the deny rule.&nbsp; after couple of minutes it starts recognizing the user and allows the traffic</P><P>&nbsp;</P><P>...<BR />&nbsp;</P><HR /></BLOCKQUOTE><P>I can come up with at least 3 different reasons as to why this could be happening from my own experience, but that might not be the case for you.&nbsp; Can you elaborate&nbsp;on your auth set up more?&nbsp; Have you tried looking into the aging timers and comparing that to the users that are having issues?</P> Mon, 26 Nov 2018 13:48:43 GMT https://live.paloaltonetworks.com/t5/general-topics/re-user-id-agent-issues/m-p/241152#M69084 Brandon_Wertz 2018-11-26T13:48:43Z