I was checking the User-IP mapping in one of the boxes and noticed something which is a mystery to me. I have attached the picture in this discussion. Some of the entries in the output show as Unknown. Any of you know why and how this happens ?
The white boxes that have been cut out are the usernames which i had to remove due to privacy concerns.
Thank you all for the reply. I did everything but have no resolution yet. Let me try some other things and see, If it still won't work I will open up a case with Support. Anyway I will keep this thread updated as to what the steps taken to resolve this issue.
If the firewall/agent is receiving traffic form an ip it does not have user mapping info for, it will probe that ip to get that info. We need to check if the host responds to wmi probes by probing the ip address manually from another host or a host with domain admin login
Following is the command you can run on a cmd, wmic /Node:192.168.128.16 ComptuerSystem Get UserName
just wondering if you found a solution to this,
Im having some of those unknown, and that messes up with the rules that has user ID in it.
very sporadic, impossible to troubleshoot.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!