Hello, I'm using PAN OS 3.0.5 and doing
> debug device-server dump user-group name
followed b the tab I'm seing very old group that are not anymore in the Filter group member of the pan-agent. It seams that the PAN have cached the olds user/group relation. There is the way to force a clear of the group <-> user relation on the PAN FW ?
You can clear the cache for this information with the following commands:
> debug dataplane reset user-cache
> all Reset all ip to user cache in data plane
> ip Reset the specified ip to user cache in data plane
The command above seams the delete only ip <-> user mapping.
I'd like to delete user <-> group mapping that seams to be still on chache cause I see very old group that I'm not using since month.
command -> debug device-server dump user-group name
The "Stale" content could be coming from the UIA. You can check this by looking at the cache files in the UIA Installation Directory - typically under "Program Files".
You can clear the group cache on 4.1.x by doing the following:
> debug user-id clear group all
You can then force a group refresh:
> debug user-id refresh group-mapping all
Exactly the answer I was looking for to address my issue. I had duplicated groups listed from the PANuserAgent after installing the new USERIDagent and it was causing issues with classification. Clearing out the groups and refreshing them fixed the issue.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!