currently, we are facing with a strange issue related to user agent. Scenario is that, once the user login to his/her laptop then tries to surf, e/she will get dropped by the firewall. After further investigation, we found that the time the firewall takes to identify the user agent causing the issue.
in other words, user logs in to the laptop try to surf to the internet drops, then about 5-10min later user is now identified. also, our usage to use the internet via the firewall has increase a lot.
so, my question would be, how can we delay the process to identify the user by the firewall, are there any tweaks where we could make some changes. At the moment on user-identification the timers are default (45min for cache )
thanks in advance
Hi @Shadow ,
Timers such as 'Security Log Monitor Frequency' is found on the agent.
the issue was too many user mapping been used, max is 100 which could be handled by the firewall and currently 4xx been used.
credit to : Birk Hageloh (PA TAC)
hope this would help someone in the feature
Hi @Shadow ,
Great news that it's fixed now !
Max 100 user mappings ? I believe the smallest platform can handle 64000 mappings ?
Or did you mean a maximum of 100 user-ID-agents ? As explained here :
Are you sure about that link that you added ? It's about PBF :)
Can you clarify ?
its about : Unknown IP Rate Limit Mitigation for User-ID Mappings, sorry if I have posted the incorrect link:
If I havent explained on my initial comment.
user logs in to the AD, tries to access the internet, get dropped by the firewall, then after a while(~10-15min) they can access the internet.
we saw the following in the live logs
pan user id agent_update_unknown_ip_rate_limit: Unknown IP rate is now 101.
when it hits above 100 user get match to the incorrect policy(hence the drop)
once again apologies for false information on my last comment
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!