04-19-2022 11:48 AM
We are using User Identification and have the user-id agent running on 2 different AD servers. Also using global protect. When looking at traffic logs I can filter on my GlobalProtect VPN IP, I can see the source user of my user account, and a source user of another account. When looking user-id mappings, and look at my VPN IP, I only see my user account. Any idea what would be causing this?
04-19-2022 01:19 PM
Hi @emarschang
Did you really hit enter for the search query in the first screenshot?
As there are 2 hours between the logs in these screenshots it might be possible that the other user disconnected and global protect assigned then this IP to you. At least this is an explanation. If you provide some more logs like the global protect logs we might be able to find the actual reason.
04-20-2022 01:47 PM
Sorry for the confusion there on the timestamps. Next time I catch this happening, ill will try to grab the relative logs/time stamps.
04-28-2022 12:26 PM
I finally was able to get some fresh screen shots. I got a screen shots from the traffic log, user-id log, and url filter log. I think we can take the global protect out of the equation. This is happening to internal users as well. In this example, end user tried to go to you tube, got a blocked page, but it showed his username as the manadmin user. Not his user account.
04-29-2022 02:37 PM
Hello,
What is the timeout setting for your user-id settings? Also what are you using for user-id to perform the mapping, active directory logs, etc.?
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!