04-27-2014 11:40 PM
We are running PAN OS 5.0.11, with PAN agent 5.0.6-6.
But we observe that intermittently, to various users, users are not matched with their IP addresses and Internet is blocked.
When we search for this user in PAN agent, we do not see the user in PAN agent at all.
The only way out is, the user logs off and logs back in to his system, and then, we see him in the PAN agent, and
then he is able to access internet as per policy. (Attached is the PAN setup config)
Could you please state any one else having this issue
04-28-2014 12:37 AM
Hello
You have timout for WMI/NetBIOS 45 min and User ID timeout 15 minuts, What is Your DHCP lease time?
Please try to clear mapping for one test user and authenticate it again and try to verisy after 15 and 45 minuts when it loose internet access.
Please read this doc (regardijng troubleshooting)
Architecting User Identification Deployments
https://live.paloaltonetworks.com/docs/DOC-5662
Please also verify that it is configured correctly.
Below are few good docs on User id
https://live.paloaltonetworks.com/docs/DOC-3664
https://live.paloaltonetworks.com/docs/DOC-3120
https://live.paloaltonetworks.com/docs/DOC-1920
Hope this helps you resolve the issue.
Regards
SLawek
05-05-2014 12:57 PM
Hello
From UserID agent 6.0.2 tech note:
61434—An issue was resolved where the User-ID agent was missing time stamps in the ip-user-mapping-cache file. This resulted in older entries overwriting newer entries when multiple User-ID agents were in use.
It could solve your problem!
Regards
SLawek
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
