Unknown Users Detected In User-IP Mapping

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Unknown Users Detected In User-IP Mapping

Not applicable

Hi All,

I was checking the User-IP mapping in one of the boxes and noticed something which is a mystery to me. I have attached the picture in this discussion. Some of the entries in the output show as Unknown. Any of you know why and how this happens ?

The white boxes that have been cut out are the usernames which i had to remove due to privacy concerns.



L3 Networker

Are these actual users ? Can you look into the traffic logs to see the traffic that is sourced from these ips.

Not applicable


Thank you all for the reply. I did everything but have no resolution yet. Let me try some other things and see, If it still won't work I will open up a case with Support. Anyway I will keep this thread updated as to what the steps taken to resolve this issue.



If the firewall/agent is receiving traffic form an ip it does not have user mapping info for, it will probe that ip to get that info. We need to check if the host responds to wmi probes by probing the ip address manually from another host or a host with domain admin login

Following is the command you can run on a cmd, wmic /Node: ComptuerSystem Get UserName




just wondering if you found a solution to this, 

Im having some of those unknown, and that messes up with the rules that has user ID in it.

very sporadic, impossible to troubleshoot.





L1 Bithead



Was there a solution for this?



  • 6 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!