Issue User-ID Agent some user mapping long time

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Issue User-ID Agent some user mapping long time

L3 Networker

Hi Expert ,

 

I found issue about UIA which some user logon into network sometime IP   mapping user  long time or sometime not  mapping I must use clear user mapping and  every time and ip map user on AD  , I would like to know why user  mapping longtime or not mapping show unknow  however , I config cache  User Identification Timeout (min) 720 min already why long time 

 

 

7 REPLIES 7

Cyber Elite
Cyber Elite

hi @Pattarachai

 

could you elaborate on your configuration and the time you see users being identified ?

 

if you have userID cache enabled for 720 minutes, a mapping should remain for 12 hours at which time it is cleared

 

if a user is showing up as unknown you'll need to verify if the user exists on the UIDagent, and if the ActiveDirectory has a succesfull logon event in the event log

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

HI @reaper

 

I try to use  cli  "clear user-cache ip (user issue) and found ip mapping user on AD  

you also need to clear the management plane cache

>clear user-cache-mp ip 

 

 this will remove all entries from the firewall, but as long as the user is still listed in the userIDagent, the firewall will simply re-fetch the info and repopulate it's cache

 

this article may help : https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-User-ID/ta-p/69321

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hi @reaper

 

OK I got it about this thing but I don't understand  why I use this cli every time  

hi @Pattarachai

 

I'll need more information on what exactly you are trying to achieve as I'm uncertain at this point

 

Please provide more details about what you see and what should be different or you expect to happen

 

you should not be using that cli command every time (as it is a debug command), so what enticed you to start using it so frequently

 

you mentioned you have the timeout set to 720, what are your objectives? if users need to be cleared sooner, you should set the timeout lower

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hi @reaper

 

Ok I will explain which before I use  PAN-OS 7.1.10 Model:3020 everything normally and later I have upgrade PAN-OS from 7.1.10 as 7.1.16 after upgrade found some user login on pc into a network via AD-User found issue IP doesn't mapping user and therefore use cli  debug command  

 

Hi @reaper

 

As we to test again and forecasts whether about software issue because  UIA  mapping all user but when show user mapping on firewall with use " cli "show user ip-user-mapping ip (ip issue)"  is found not map show uknow but UIA mapping  and try to use "show log userid ip issue " found  UIA sending map I'm not sure user-id on firewall as issue or not

  • 4698 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!