nt-autorität\anonymous-anmeldung

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L7 Applicator

You should try to determine who/what is adding those entries to the firewall user-ip list

 

If you go into the monitor tab on the UserID agent, is the anonymous-anmeldung user still listed there?

if this is the case, you could try tuning the entries in your exlude_user_list.txt, possibly try restarting the uid service in case it isn't picking up the file

 

if the user does not exist on the agent, it must originate from somewhere else, possibly the clientless config on the firewall or a different agent

 

Tom Piens - PANgurus.com
New to PAN-OS or getting ready to take the PCNSE? check out amazon.com/dp/1789956374
Highlighted
L2 Linker

Good morning Reaper,

Yes the "anonymous.." is listing into the monitor tab!

I delete the entry and the right user was shown.

But was is the reason with the anonymous entries? What can I do?

 

Thanks

 

cu

Wolfgang

L2 Linker

Hello together,

Is it useful to change the parameter "User Identification Timeout" Value?

 

Thanks

 

cu

Wolfgang

Highlighted
Cyber Elite

Could you try to disable Netbios probing?

Highlighted
L2 Linker

I did it - some nt-autorität\anonymous-anmeldung entries are still in the log :-(

 

Other parameters?

Any other ideas?

 

THANK YOU

 

cu

Wolfgang

Highlighted
L2 Linker

Hi,

Disabling Netbios probing doesn't help!!!!

 

cu

Wolfgang

Highlighted
Cyber Elite

Did you check one of the clients with this user-ip-mapping if there is something that logs on anonymous on that client? Is the user-id agent your only source for user-id or do you have also others?

Highlighted
L2 Linker

It's always a User logged in.

We have two Active DC (Win 2012) with the User-ID-Agent.

Highlighted
L2 Linker

Hi,

I think the solution is/was to store the ignore_user_list.txt as UniCode!!!

 

Thanks to all

 

cu

Wolfgang

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!