We configured Windows User Agent for the IP-to-User Mapping to apply the AD group based policy. User Agent is fine and IP-to-User lookup forwadred to firewall .
But the problem in the user format. Some user's mapped in the format of netbios\username ( AD\user1) and some of the user's mapped in the format of dnsdomainname\username ( AD.example.com\user1)..
How we can troubleshoot on this??
Thanks in Advance..
Which version of UIA are you using?
I hit same issue and it was a bug.
Fixed an issue where the User-ID agent failed to normalize usernames correctly before sending to firewalls when the usernames were in User Principle Name (UPN) format, which prevented PAN-OS 8.0 and earlier firewalls from enforcing policy as expected for those usernames.
This is fixed in UIA v8.1.4, so please try 8.1.4 or later (the latest version is 8.1.6)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!