We have Pan Agents running on 2 servers - querying against the same list of AD controllers. Is there a precedence that the PAN devices will utilize if the Pan Agent logs have 2 entries for the same IP - but not the same user - or none?
For instance one Pan agent has a listing of "192.168.1.10 to _unknown_" and the second Pan Agent has "192.168.1.10 to domain\me". Which would take precedence as the logged in user?
We are having this inconsistance because we have Netbios scanning disabled (services are disabled on our image). I understand how this is happening (a small handful of users do not log directly into the domain - so we get some inconsistancies since Netbios is not checking). However, it appears last known actual domain "user" login wins over "_unknown_". Is that a true statement?
Thanks so much.
Solved! Go to Solution.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!