A few weeks ago I noticed that in our firewall suddenly all the Source User fields are showing blank. This is very strange since it happened without any changes being made to the firewall or the Domain Controller. We populate user IDs using LDAP. All the settings are correct and the LDAP servers (our primary and backup domain controllers) are both still showing connected in User Mapping settings. I also see that Enable User Identification is still checked under Network > Zones. Literally nothing has changed, but one day it stopped poulating Source Users when I use the Traffic Monitor or ACC. I can't seem to find what would cause this. I've done extensive Google searches, but I have not come across anyone else who has experienced this issue. It hasn't been a huge issue since we don't have any policies based on user IDs or user groups. We pretty much use this for monitoring purposes, but it's still quite annoying to lookup traffic on an IP address and then I have to go to the DHCP server to findout who the IP belongs to. Is there something I might be missing?
Could you please share the output of the command:
show system info
It could be a bug in which if firewall is up for around an year or so it may loose use-ip mapping.
We had this issue a while back without being up for a year or more; turned out that we simply needed to remove the authentification profile (not the LDAP server settings) and then everything starting flowing correctly. That being said I do believe that the process hung and clearing out the profile had the service restart. If your enviroment allows it I would just schedule a restart over this weekend and see if that fixes it, if not then try the above suggustion and see if it works for you to.
That sounds reasonable. Unfortunetely, it will be a little while before I can schedule a restart of the firewall. It has definetely been up for over a year. Again, it's not a huge problem since we only use it for monitoring, it's just an annoyance. Thanks for the advice. Once I'm able to do the restart I'll mark this the answer if it does indeed fix the problem.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!