04-09-2012 11:52 PM
Hi,
I'm having problems in resolving IP address to usernames. PA2050 is integrated with active directory to resolve IP address to usernames. We also create security policies based on usernames. This configuration works great in version 3.1.6 but after the upgrade to version 4.1.4 we encountered errors. Some IP addresses are unable to resolve to their corresponding usernames. So, the policy that should be applied for specific users are ineffective.
Please help.
Thanks,
Rex
04-23-2012 08:00 PM
Hi ITS,
The version of PAN-OS and PAN Agent are already ver4.1.4 but still same problem. I also notice that sometimes the usernames were resolved and sometimes not, it's intermittent. Has anyone experience this before?
Thanks.
04-23-2012 10:14 PM
Hello,
There could really be a lot of causes for this. First, I'd look over this very useful document if you haven't already.
https://live.paloaltonetworks.com/docs/DOC-2019
It goes over the needed steps when upgrading the agent like you've done.
After all of that is veriifed and looks okay, get a ssh session on the firewall and run:
> show user ip-user-mapping all
If you don't see any mappings there, goto the UID agent on your Windows server and see if it has any mappings. It's important to know where the lack of mappings is happening at for troubleshooting.
Thanks,
Jason
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
