09-19-2011 06:25 AM
Dear All,
I just install pan-agent on my AD, windwos 2003 server, and configure PAN box to connect to this pan-agent. I can see traffic with user from AD server. I found result from command " show user ip-user-mapping all". I can list group of AD with command " debug device-server dump user-group name".
However after I run command "show user pan-agent user-IDs", it didn't return result. I found some misstake. I cann't control application usage with group name from AD on security policy. Moreover, after I add user on AD, PAN box didn't update list of new user from AD.
Thanks you,
TU
09-19-2011 07:15 AM
Hi,
Have you tried to click Get all from the first page of the PAN agent console? Can you see any user to IP mapping there? How many domain controllers do you have? Have you put all the domain controllers on the list which is mandatory? Are you running the agent with privilege to read AD security log?
09-20-2011 09:17 AM
Hi,
It's ok after I open PAN agent console and click get group as you guide me. Other question is I must open PAN agent console and click get group after I add new user into AD? It isn't make sense to do this thing. I must always open PAN agent console?
Thanks you
TU
09-20-2011 09:05 PM
Hi,
You don't need to do so. Have you tried to add a new user and use that account to logon any one of the PCs? PA needs to see the user in AD log in order to have user to IP mapping. Also, if that user logon through a DC which is not added to the PAN agent, we won't see the log as well.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
