PAN agent Group cache on PAN


L3 Networker

Hello, I'm using PAN OS 3.0.5 and doing

> debug device-server dump user-group name

followed by the tab, I'm seeing very old groups that are no longer in the Filter group members of the pan-agent. It seems that the PAN has cached the old user/group relations. Is there a way to force a clear of the group <-> user relation on the PAN FW?

7 REPLIES 7

L4 Transporter

You can clear the cache for this information with the following commands:

> debug dataplane reset user-cache
   > all   Reset all ip to user cache in data plane
   > ip    Reset the specified ip to user cache in data plane

thanks,

Stephen

The command above seems to delete only the ip <-> user mapping.

I'd like to delete the user <-> group mapping that seems to still be in the cache, because I see very old groups that I haven't been using for months.

command -> debug device-server dump user-group name

The "Stale" content could be coming from the UIA.  You can check this by looking at the cache files in the UIA Installation Directory - typically under "Program Files".

Regards

James

What about on 4.x.x versions where the group information comes from the Firewall itself?

You can clear the group cache on 4.1.x by doing the following:

> debug user-id clear group all

You can then force a group refresh:

> debug user-id refresh group-mapping all

-Jason

Thank you, that was what I needed.

Exactly the answer I was looking for to address my issue.  I had duplicated groups listed from the PANuserAgent after installing the new USERIDagent and it was causing issues with classification.  Clearing out the groups and refreshing them fixed the issue.

Justin
