We are currently having a problem in one of our offices where random users IP to username mappings are intermittently showing as unknown on the PAN AD User ID Agent. It's not happening for everyone and the agents connectivity is ok with no errors.
We have a separate agent installed on separate dedicated domain servers (VM's) for each domain. The servers are all running on one domain but each agent has a service account for the relevant domain it services.
We have tried the following:
restarting the agents
restarting the servers
re-setting the connection from the PA device to the agents
double checked that all the DC's in the domain are listed within the agents
downgraded the PAN agent to 3.1.1 from 3.1.2 (problem still exists)
finally upgraded the PANOS to include a hotfix that apparently fixes the issue (problem still exists)
Does anyone have any other ideas?
Solved! Go to Solution.
if Pan Agent is using Netbios/WMI probing and the target workstations are using Windows firewall or have disabled Netbios/WMI, then your user-to-ip mapping will go to _unknown_ when the Netbios/WMI probe is unsuccessful.
let me know if that helps.
You may try to tick 'disable Netbios Probing' and change 600 minutes in Age-out Timeout in order to keep those users mapping valid in agent and firewall.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!