This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Security policies did not take effect after Sleep Mode

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Security policies did not take effect after Sleep Mode

mbs.admin
L2 Linker

‎07-03-2013 09:35 AM

Hi,

Just like to find out if there is a known  issue with Palo Alto and Windows 8 for direct internet policy.  Currently, we have defined a policy in PA to allow AD user to connect to internet.  However, based on my observation, once my notebook goes to sleep mode, then wake up, then login the policy doesn’t seem to take effect.  To gain direct internet access what I need to do is to log off then log in again.

Thanks,

Xer

Labels:
0 Likes Likes
4 REPLIES 4

Chatri
L3 Networker

‎07-03-2013 09:51 AM

Hello,

One good test to to check whether the PA loses the Ip-user mapping up on switching the laptop to sleep mode ( which is the reason why the user does not hit the policy created for him), we could check the ip-user mapping table on the PA using the command.

>>show user ip-user-mapping all.

That will give us a better indication of how to avoid that.

I would understand why a log off and log on would reinstate the mapping considering the fact the PA will look at the event logs of the DC to track LOG ON success events to enumerate user to ip mapping

mbs.admin
L2 Linker
In response to Chatri

‎07-03-2013 10:14 AM

Hi Chatri,

Thanks for the reply.

I'm just wondering why PA lost the ip-user-mapping considering that the user didn't logged off? Isn't it a bug in PA?

0 Likes Likes

Chatri
L3 Networker
In response to mbs.admin

‎07-03-2013 10:21 AM

Hi Xer,

The Palo Alto will will not know if the device is in sleep mode or not.

The Palo Alto will only look at four event Ids in the security logs of the domain controller to get the mappings ( all four event IDs correspond to log on events, the PA does not see the Log off events).

But yes, having said that when the PC is turned on from the sleep mode the DC should record an event of the user getting logged on and the PA should get the mapping back.

It wont be a bad idea to open up a TAC case to see what exactly is causing the mapping to be lost.

I hope that is helpful.

mbs.admin
L2 Linker
In response to Chatri

‎07-07-2013 09:27 PM

Hi Chatri,

Thanks for the support. But, after further investigation we think the problem is the communication of PANAgent to Palo Alto Firewall. The connection is intermittent and if we issue a ping command, the connection is stable. I attached the screenshot I got from the system log. every 2 to 10 minutes the agent gets disconnected. Have you encountered this before?

Thanks.

PANAgent.jpg

0 Likes Likes
  • 2508 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks