04-08-2018 06:16 AM
Hi Expert ,
I found issue about UIA which some user logon into network sometime IP mapping user long time or sometime not mapping I must use clear user mapping and every time and ip map user on AD , I would like to know why user mapping longtime or not mapping show unknow however , I config cache User Identification Timeout (min) 720 min already why long time
04-09-2018 12:53 AM
hi @Pattarachai
could you elaborate on your configuration and the time you see users being identified ?
if you have userID cache enabled for 720 minutes, a mapping should remain for 12 hours at which time it is cleared
if a user is showing up as unknown you'll need to verify if the user exists on the UIDagent, and if the ActiveDirectory has a succesfull logon event in the event log
04-09-2018 02:14 AM - edited 04-09-2018 02:16 AM
you also need to clear the management plane cache
>clear user-cache-mp ip
this will remove all entries from the firewall, but as long as the user is still listed in the userIDagent, the firewall will simply re-fetch the info and repopulate it's cache
this article may help : https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-User-ID/ta-p/69321
04-09-2018 02:31 AM
hi @Pattarachai
I'll need more information on what exactly you are trying to achieve as I'm uncertain at this point
Please provide more details about what you see and what should be different or you expect to happen
you should not be using that cli command every time (as it is a debug command), so what enticed you to start using it so frequently
you mentioned you have the timeout set to 720, what are your objectives? if users need to be cleared sooner, you should set the timeout lower
04-09-2018 03:49 AM
Hi @reaper
Ok I will explain which before I use PAN-OS 7.1.10 Model:3020 everything normally and later I have upgrade PAN-OS from 7.1.10 as 7.1.16 after upgrade found some user login on pc into a network via AD-User found issue IP doesn't mapping user and therefore use cli debug command
04-10-2018 08:35 PM
Hi @reaper
As we to test again and forecasts whether about software issue because UIA mapping all user but when show user mapping on firewall with use " cli "show user ip-user-mapping ip (ip issue)" is found not map show uknow but UIA mapping and try to use "show log userid ip issue " found UIA sending map I'm not sure user-id on firewall as issue or not
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
