Issue with PAN-AGENT

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Issue with PAN-AGENT

L1 Bithead

Hi guys,

Pan-agent is not working as it should be.

When I run the statistics command, I get the following info:

admin@PA-500-BBDO> show user pan-agent statistics

Name             IP Address      Port    Vsys        State             Users  Grps  IPs       Activity Cnts Link Speed
----------------------------------------------------------------------------------------------------------------------
ADAgent        192.168.0.2     3033    vsys1       connected, ok     292    15    162       46595         fast

But, when I run the ip-user mapping command, I got the following info

admin@PA-500-BBDO> show user ip-user-mapping all

IP              Ident. By User                             Idle Timeout (s) Max. Timeout (s)
--------------- --------- -------------------------------- ---------------- ----------------
192.168.2.36    AD        bbdomexico\carmen-c              2083             2083
192.168.1.195   UNKNOWN   unknown                          296              1196
10.0.2.235      UNKNOWN   unknown                          128              428
192.168.1.3     AD        bbdomexico\ana-re                2083             2083
192.168.2.16    AD        bbdomexico\olmos_j               2083             2083
192.168.2.13    AD        bbdomexico\javier-b              2083             2083
192.168.0.7     AD        bbdomexico\backup1               2084             2084
192.168.2.101   UNKNOWN   unknown                          682              1582
192.168.2.99    AD        bbdomexico\proximity01           2083             2083
192.168.1.189   UNKNOWN   unknown                          234              1134
192.168.2.27    AD        bbdomexico\teresa-e              2083             2083
192.168.2.234   AD        bbdomexico\baruch-o              2448             2448
192.168.10.11   AD        bbdomexico\saul-s                2083             2083
192.168.1.158   AD        bbdomexico\chantal-o             2083             2083
192.168.2.47    AD        bbdomexico\beatriz-p             2083             2083
192.168.1.5     AD        bbdomexico\andres-c              2083             2083
192.168.2.233   UNKNOWN   unknown                          463              1363
192.168.2.18    AD        bbdomexico\manuel-c              2083             2083
.

.

.

.

192.168.1.127   UNKNOWN   unknown                          628              1528
192.168.10.67   AD        bbdomexico\omdresearch           2863             2863
Total: 193 users

I run the pan-agent user-IDs, and I got the next info

admin@PA-500-BBDO> show user pan-agent user-IDs

User Name                       Vsys    Groups
------------------------------------------------------------------
bbdomexico\antonio-mo           vsys1   bbdomexico\domain users
                                        bbdomexico\mailusers
                                        bbdomexico\omd
                                        bbdomexico\users
bbdomexico\tania-m              vsys1   bbdomexico\domain users
                                        bbdomexico\users
bbdomexico\jesus-g              vsys1   bbdomexico\domain users
                                        bbdomexico\mailusers
                                        bbdomexico\omd
                                        bbdomexico\users
bbdomexico\christian-s          vsys1   bbdomexico\domain users
                                        bbdomexico\users
bbdomexico\laura_r              vsys1   bbdomexico\domain users
                                        bbdomexico\users
bbdomexico\jorge-m              vsys1   bbdomexico\domain users
                                        bbdomexico\users
bbdomexico\antonio-a            vsys1   bbdomexico\domain users
                                        bbdomexico\users
bbdomexico\fabiola-s            vsys1   bbdomexico\domain users
                                        bbdomexico\users
bbdomexico\trainee03            vsys1   bbdomexico\domain users
                                        bbdomexico\users
bbdomexico\patricia-m           vsys1   bbdomexico\domain users
                                        bbdomexico\mailusers
                                        bbdomexico\omd
                                        bbdomexico\users
bbdomexico\sandra               vsys1   bbdomexico\domain users
                                        bbdomexico\users
bbdomexico\edgar-ri             vsys1   bbdomexico\domain users
                                        bbdomexico\users
bbdomexico\ana-h                vsys1   bbdomexico\domain users
                                        bbdomexico\users
bbdomexico\iusr_bbdodc3         vsys1   bbdomexico\domain users
                                        bbdomexico\users
bbdomexico\javier-e             vsys1   bbdomexico\domain users
                                        bbdomexico\trafico_
                                        bbdomexico\users
bbdomexico\luis-g               vsys1   bbdomexico\domain users
                                        bbdomexico\users
bbdomexico\trainee04            vsys1   bbdomexico\domain users
                                        bbdomexico\trafico_
                                        bbdomexico\users

This is happening due to a bug, or there is something else that I have to configure. Because, this is the fourth time in 8 months that this happens.

And PANTAC Support has no answer for it.

I have PAN OS 3.1.3

Hope you could help me.

Thanks in advance.

14 REPLIES 14

L3 Networker

Hello

Please check the following.

1. From the pan-agent enter the IP address that report unknown and see if it also reports the user as known.

192.168.1.195 UNKNOWN unknown

2. From the CLI type "show user ip-user-mapping ip 192.168.1.195". it should show AD user information.

3. Try stopping the PAN-AGENT and restarting it.

4. Try executing from CLI "debug device-server reset pan-agent all"

If the issue still exist let me know so we can maybe setup a web meeting to troubleshoot the issue.

Thanks

Al Camacho

Hi Al,

1. For IP 192.168.1.195 is working right now. But for instance, 192.168.2.101, in pan-agent I see the user as unknown, attached is the screenshot.

2. From cli-command, I have this info.

admin@PA-500-BBDO> show user ip-user-mapping ip 192.168.2.101

IP address:  192.168.2.101
User:        unknown
Ident. By:   UNKNOWN
Idle Timeout: 817s
Max. TTL:    1717s
Groups that user belong to (used in policy)

3. I have stoped and restarted the pan-agent, but it stills show me many users as unkown.

4. admin@PA-500-BBDO> debug device-server reset pan-agent all

Pan-agent reset all connections.

After I reset the connections, I see this info.

admin@PA-500-BBDO> show user ip-user-mapping ip 192.168.2.101

IP address:  192.168.2.101
User:        unknown
Ident. By:   UNKNOWN
Idle Timeout: 597s
Max. TTL:    1497s
Groups that user belong to (used in policy)

I see this info with another user,

admin@PA-500-BBDO> show user ip-user-mapping ip 192.168.1.3

IP address:  192.168.1.3
User:        bbdomexico\ana-re
Ident. By:   AD
Idle Timeout: 186s
Max. TTL:    186s
Groups that user belong to (used in policy)

But in pan-agent app, I see the users as unkown. Attached you will find the screenshot.

Is there anything else that I shoul do.

Thanks in advance.

Hello

At this point we might need to setup a web meeting so we can do more trouble shooting.

Please let me if you are free on Monday and what time works.

Thanks

Al

Not applicable

have you tried a 'debug software restart device-server'

restarts the comms between everythign internally... worked for ame a couple of times with userID issues with the PANagent..

Hi,

I have tried with the cli commonad that you advised me.

But I still have the same problem.

Any other advise that you have.

Thanks.

Hello

Please open a case or contact your local distributor to trouble shoot this issue.

Thanks you

I have opened two cases, and it looks that you don not care about it.

I have the case 18948 and 18951. I have just received a call, from case 18951, and the guy restart the PAN Agent services, he chenged some configuration options, but  I have the same problem.

By the way, my local distributor has no idea what is happening with the device, they just told me that I have to contact you.

I wonder you could have time for trobleshoot this, or at leats give me some ideas in order to fix this issue.

Thanks in advance.

Hello

Apologies I did not realize that you already had cases open. I will follow up with the folks who are assigned these cases and we will get back to you.

Thank you

Al

Hi,

any news on this case? I have the same problem. Already opend a case and no news.

Any info on how to fix this issue would be great.

FYI

Please contact your Support provider for any case status you are looking for.

At this moment I have already opened 4 cases regarding the same issue. I do not know If you have solved this or there are not a solution.

What do I need to do?

Whom I have to report this issue?

Please contact Support with your existing case numbers so that they can correlate them and get the issue resolved for you.

L2 Linker

I found same problem. PAN-agent detect some users to _unknown_.

How solution for this problem?

I must check "Disable Netbios/WMI Probing"  or not?

  • 11292 Views
  • 14 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!