05-29-2015 02:00 PM
We currently have a pair 5020s using LDAP for User-ID - up until about a week ago it was working.
I can see in the logs that the mappings are taking place, and the management plane mappings are there, however the data plane table is empty.
This is causing drops on policies which have User-ID as a stipulation.
Any ideas?
05-29-2015 04:33 PM
What PAN-OS version are you running and what is the Active device's uptime ?
Based on your description, I suspect Bug 64166, resolved in PAN-OS 6.0.4 and 5.0.14.
05-29-2015 03:54 PM
I don't see anything on this issue specifically, so here are some general thoughts.
Sounds like a bug. So I would make a quick search of the latest release notes for your PanOS chain and see if this is listed as a solved issue in a release higher than what you are running. If so, then upgrade. If not, open a ticket to get this registered as a bug and into the release chain.
For a quick fix on issues like this a restart of the management plane will sometimes restore service.
debug software restart management-server
05-29-2015 04:33 PM
What PAN-OS version are you running and what is the Active device's uptime ?
Based on your description, I suspect Bug 64166, resolved in PAN-OS 6.0.4 and 5.0.14.
05-30-2015 06:30 AM
Thanks for doing the bug search and providing the ID.
06-01-2015 04:34 AM
Thanks guys, that bug looks exactly like the issue - we're running 6.0.2 with 400 days of update as of this morning.
We'll get'er upgraded and I'll shoot back if it doesn't resolve it but I have a feeling it will.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
