Found an issue on a customer's firewall. For some reason, the “source user” becomes unknown while students are using a web application called Istation. When that happens, the web traffic for that IP address becomes blocked by another policy. She wrote a specific policy for Istation traffic even if the user is unknown to resolve this issue. But the real question is… Why is the “source user” blanking out in the middle of using a web application?
Appreciate your thoughts and suggestions.
I'm fighting a similar issue on my side, especially with users on VPN getting the wrong web-filtering policy. I have not seen the 'unknown' source user, it's usually just the username on the VPN without the domain (in my case so this is why they get the wrong policy). Support did provide guidance on this for me, perhaps they can do the same for you?
Another thing that just occurred to me, how many user-id agents are you using or are you using the PAN's for the direct lookup?
Sounds like the user is caching out. Nothing to do with the application. I'm assuming these computers are part of the domain since you do pick up the user initially through the user-ID agent. Did you enable "Server session monitoring" in the userID agent? Also is WMI probing enabled and working? Both these mechanisms will help keep the user to IP mappings fresh.