04-22-2016 12:41 AM
Hi,
If I run these commands on the FW, will they affect the service?
Please try restarting the User-ID
>debug software restart process user-id
>debug user-id reset user-id-agent all
How long will it affect the users? Should I ask for a maintenance window?
Thanks a lot.
04-22-2016 01:32 AM
Hey,
Restarting the user-id will cause the ip-user mappings to be lost.
If you are using usernames in security policies to filter traffic, they will not be matched for the duration of the User-ID service restart; afterwards the IP-user mappings will be rebuilt together with the group information.
If the usernames are used in security policies, it's best to run the commands during a scheduled maintenance window.
Thanx.
04-22-2016 01:56 AM
If the User-ID agents themselves are not restarted and have a full mapping, the impact would be really short, but there would be non-matched users for the period of time it takes for the service to restart, so it is best to do this during a downtime or have a catch-all security policy in place to temporarily allow users to get through without a mapping.
If the User-ID agents themselves are restarted as well, or the mapping is done clientless, rebuilding the user database can take a much longer time, as the agent/clientless collector will need to re-read the security logs on the Active Directory.
04-22-2016 02:22 AM
They have 2 User-ID agents. How long would the users be affected? Until the User-ID process restarts? 1-3 minutes?
04-22-2016 04:08 AM
That will depend on a few factors, like the platform, management plane resources, complexity/size of the configuration, enabled features, etc.
So, safety-wise, it would be best to assume there could be a 5 minute break (in reality it will likely be only a few seconds, but Murphy's law could interfere).
04-23-2016 08:34 PM
@reaper Sure restarting the agents might cause the agents to lose the cache of the user record, but isn't it really a "non-issue" because the MP and DP of the firewalls that are attached to the respective UIAs should still have the records?
04-24-2016 11:29 PM
@Brandon_Wertz: well, yes and no 😉 Under ideal circumstances restarting the agent will not have an impact at all.
But: there are many types of deployments out there, some may have really short timeouts for user mappings, or a user may not have logged on just yet... It's better to err on the side of caution and be happy that no interruption was noticed by the users (I have some interesting stories from my early days in TAC where I was like "oh, let's just restart this service real quick, it's not gonna do anything" and moments later I could hear alarms blaring in the background at the customer site 😉).
04-25-2016 05:44 AM
Haha, yeah, good point. In our environment I made sure we've got two agents for each site, so we can be assured of zero impact.
04-25-2016 06:02 AM
Bonus FYI: the agent has its own little cache that is reloaded after a restart to repopulate its tables. Only if an agent is stopped for more than 5 minutes will it start from scratch.