Rules applying to wrong users

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Rules applying to wrong users

L0 Member

IOS : 4.0.1

User ID Agent Version: 3.1.2

We have RULE1 set for USERS - A, B, and C.  They have an AV, Anti-Spyware, and Vulnerability protection.  RULE2 is for ANY other users on the network, which has its own AV, Spyware, Vulnerability profiles as well as a URL Filter.

Users associated with RULE1 will randomly be applied to a URL filter, when they should not be.  After a user reboots their computer the problem is fixed, but the problem will happen once again.

I have also tried using Source IP address as well as USERNAME on RULE1 to prevent this, but unfortunitally we still have problems.

Any ideas on other things to try?

5 REPLIES 5

L6 Presenter

Hi,

Please call into Support for a more thorough debugging session.

Cyber Elite
Cyber Elite

can you verify the user association via "show user ip-user-mapping ip x.x.x.x"? when a user is experiencing the aforementioned behavior this mapping will probably be -unknown- for his IP address

check the same IP address on the panagent, if it is -unknown- there too, verify the cnfiguration

you may want to increase the age out timeout so user data is stored longer

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

show user ip-user-mapping ip 10.7.1.60

IP address:  10.7.1.60
User:        unknown
Ident. By:   Unknown
Idle Timeout: 651s
Max. TTL:    1551s
Groups that user belong to (used in policy)

i have changed the settings on the agent to disable the NetBIOS/WMI checking.

Have reset all other values to defaults.  What should i try next?

Thanks for you help!

Good Afternoon,

More often than not the problems lies with the pan-agent and how it is configured or what it is running on.  If you are certain that your pan-agent is installed and functioning properly it would be prudent for you to contact Technical Support at (866) 898-9087.

~Phil

L0 Member

SOLUTION :When setting up the Agent service on the domain controller you will want to have the settings under the "Recovery" tab to be "Restart the Service" for First/Second/Subsequent failures and to have the restart service timer at 1 minute.

This works for Server 2003 R2 environments.

  • 3189 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!