User-id not updating mappings fast enough

We have 2 user-agents deployed that read the AD logs and the PA7050's connect to the user-agents. The agents are running 6.0.7-10 and the PA7050's running 6.1.4.

We are having a problem where mulitple machines across various networks are using a "gene

Integrated User-ID Agent vs. Windows Service?

We're running 5.1 right now and plan on upgrading to 6.1 over the next couple of days.

Historically we've used the Windows User Agent on two of our domain controllers, but today I switched to the on-board Integrated User-ID Agent and set it up, and ot

How do I create a browsing report thats easy for a CEO to read...

Hi,

I have been tasked with creating a report out of our Palo Alto firewall that shows the following.

For a period of 1 month

Users Hours\Sessions on a website

Top 20 visited websites.

Top 20 Categories.

We are using the user agent so all the data should b

User-ID ignore multiple users - agentless or agent

Hi,

I've got an installation with approx 70k+ users, where user-id is an important factor. I want to ignore all user with prefix adm or svc in the user name(admin and service accounts) from user-id, to avoid getting unwanted ip-user-mappings. I have t

Problem of Authenticating users on Cisco WLC integrated with Palo alto

dear all,

we have integrated our Cisco Wireless Controller with Palo alto Firewall, the problem is that some people, authenticated successfully on the network, but the username still not appeares on Palo alto, although i can found them on the WLC, th

Cisco Wireless Networks, ACS, Syslog-Senders, and AD Groups !

Hi,

I've worked out how to recover the User ID, or UID, from a wireless network logon by sending syslog messages from the Cisco Access Control Server, or ACS, to a syslog-sender configured on my firewall.

For wired connections I can recover UID and AD

Meru Integration with PANOS 6.1.5

HI Folks,

We're trying integrate our Meru system with Palo Alto Networks. but can't find any documentation.

As far as i can see we have two options:

- Radius

- Syslog feed straight to the PA device.

Has anyone created the regex's / parsers for Meru and Sy

Conditional URL Blocking

Hey guys...so I have a request  - Users in my company who are not up to speed on corporate training will be added to the "corp\DelinquentUsers" AD group.  I need to make sure that these guys are only allowed to go to 5 websites while they are part of

Agentless UserID in a MultiDomain Environment

My first question would be is it possible to configure a firewall with no vsys license to query more than one domain without deploying the UserID windows agent?

My second question would be if yes then how given that there is only 1 WMI authentication

Can User-ID agent 7.0 be used with PAN OS version 6.x?

I can't see anything in the documentation that mentions the requirements.

Can I update our existing User-ID agents to version 7.0 and have them still work without updating our firewall code (6.1.3 / 6.1.4) at the same time?

How to convince PAN to know UID mapping for all vsys

Hi,

We use multi-vsys and XMP API for UID. It works fine for vsys1. We use this sintax for login:

<uid-message>

     <version>1.0</version>

     <type>update</type>

     <payload>

          <login>

               <entry name="user1" ip="10.1.1.1" timeo