logged in user are sent to captive portal

Reply
Highlighted
L4 Transporter

logged in user are sent to captive portal

hey

we have a situation the loggen in users are sent to the captive portal. event a few minutes or an hour after they have logged in to the conuter.

1) when this is happaning then the ip-user mapping shows no user for the IP

2) we cant simulate this behaviour

3) we played arround with the ip-port mapping timeouts

4) client probing is turned on and we verified that the PA user can see the logged in user user wmi

5) we dont have problems in recognizing ip-user mapping in the environment

7) we user agentless userID

8) we user 5.0.5 pa 500

questions

1) do you have any idea what may cause this?

2) how can i turn on debugs on the userID and captive portal so i can see why the PA drop/doesnt have the user-ip mapping when this will occure again

3) if the IP is not recognized by pa that a user is logged in to it from the AD security log for some reason, why doesnt it use the client probing for checking the logged in user?

will appriciate any help for solving this issue until i will open a case

thanks

dor

Tags (1)
L6 Presenter

Re: logged in user are sent to captive portal

what did you configure timeout value in user id ? (default 45 minutes)

L4 Transporter

Re: logged in user are sent to captive portal

we tried also 90 minutes for a period and it still happaned again

L6 Presenter

Re: logged in user are sent to captive portal

Do you still have issues when probing is off ?

L4 Transporter

Re: logged in user are sent to captive portal

didnt try turning of probing.

i will be at the customer site tommorow, for trying and testing everything, can you give me more troubelshooting tips?

L4 Transporter

Re: logged in user are sent to captive portal

to test the probing we tried to run a cms with runas and then use the wmi command that is mention in some documents on a machine the was sent to the captive portal, and we get the logged in user correctly

L6 Presenter

Re: logged in user are sent to captive portal

it is not normal if user gets a webform in a few minutes(Although user is Active Directory user)

This happens if wmi fails.

Check if all DC is connected with firewall

if issue goes on, try to install user id agent on a PC and do not use agentless system.Troubleshooting on agent is better.

L4 Transporter

Re: logged in user are sent to captive portal

ok. i am at the customer site and:

1) i found that probing was disabled

2) i try to turn it on and clear my ip-user mapping information for my station, should PA try and quary my station for my user or not?

L4 Transporter

Re: logged in user are sent to captive portal

how can i view the probing logs from the paloalto cli??

L6 Presenter

Re: logged in user are sent to captive portal

debug user-id dump probing-stats

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!