PAN agent 5.0.6 looses user IP

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

PAN agent 5.0.6 looses user IP

Not applicable

We are running PAN OS 5.0.11, with PAN agent 5.0.6-6.
But we observe that intermittently, to various users, users are not matched with their IP addresses and Internet is blocked.

When we search for this user in PAN agent, we do not see the user in PAN agent at all.


The only way out is, the user logs off and logs back in to his system, and then, we see him in the PAN agent, and

then he is able to access internet as per policy. (Attached is the PAN setup config)

Could you please state any one else having this issue

pan 5.0.6 setup.jpg

2 REPLIES 2

L4 Transporter

Hello

You have timout for WMI/NetBIOS 45 min and User ID timeout 15 minuts, What is Your DHCP lease time?

Please try to clear mapping for one test user and authenticate it again and try to verisy after 15 and 45 minuts when it loose internet access.

Please read this doc (regardijng troubleshooting)

Architecting User Identification Deployments

https://live.paloaltonetworks.com/docs/DOC-5662

Please also verify that it is configured correctly.

Below are few good docs on User id

https://live.paloaltonetworks.com/docs/DOC-3664

https://live.paloaltonetworks.com/docs/DOC-3120

https://live.paloaltonetworks.com/docs/DOC-1920

Hope this helps you resolve the issue.

Regards

SLawek

Hello

From UserID agent 6.0.2 tech note:

61434—An issue was resolved where the User-ID agent was missing time stamps in the ip-user-mapping-cache file. This resulted in older entries overwriting newer entries when multiple User-ID agents were in use.

It could solve your problem!

Regards

SLawek

  • 1542 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!