User-ID Agent - not populating PAN

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

User-ID Agent - not populating PAN

L4 Transporter

We have been using the User-ID Agent and it has been working for over a year. On the 17th, the PAN stopped populating the traffic log with the user-id information. The Agent is working fine (user ids show up in the monitor) and the PAN is connecting the Agent, but no user information is showing up. I have checked through the config logs, and nothing has been changed besides some reverse NAT rules. There were server updates done at the same time (microsoft security updates) so that could be the issue, but I thought I would throw it out to the community to see if anyone else has had this happen to them recently. I am using ver 4.1.6.

The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries.
1 accepted solution

Accepted Solutions

L4 Transporter

Worked with TAC. After a FW restart, the User Agent started working again.

The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries.

View solution in original post

11 REPLIES 11

L4 Transporter

Hi,

It would help to look at the Uadebug log file in the User-id Directory for any errors.

Also, there are some known issues with UIA version 4.1.6 regarding the ip-mappings being dropped on the firewall.

Thanks,

Aditi

I have checked the debug log on the Agent and everything looks fine. What is strange is that everything has been working for over a year.

The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries.

L5 Sessionator

Hi,

If all info seem to be ok on the agent and be able to see user / IP mapping in then look in the PA: show user ip-user-mapping all

Is there any info ?

          No, mean Pan has no user info in memory => either bug in Pan or communication issue between agent and pan

          Yes mean mapping is ok. Are you sure that nobody (everybody have a ghost on his network) disable user identification on your Zone ?  Rgds

V.

L4 Transporter

Just as an update.

I have been in contact with TAC with no joy so far. The PAN sows the userID for a very small fraction of the connections where it used to show the userid for all connections. I have been asked to upgrade to the newest software to see if that resolves the issue.

The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries.

Not applicable

You might want to triple check that you have all domain controllers listed in the User-ID agent(s).  We had our systems admins add a new domain controller without telling the firewall admins and noticed similar strange results.  Tech support did not think to check for that but once we added in the new DC everything cleared up.

Thanks for the reply. I did check that all of the domain controllers were added. I event tried removing the configs for user-id and re-adding them with no success.

The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries.

I noticed a similar issue with a newly installed device.  Our problem came down to the network Zone not having the "Enable User Identification" flag set.  So perhaps double check and make sure that hasn't gotten cleared on any of your network zones?

And what was your output from running show user ip-user-mapping all at the command line?

We have verified that "Enable User Identification" flag is set for the zones in question (and have disabled and re-enabled them).


show user ip-user-mapping all is blank.

The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries.

L4 Transporter

Worked with TAC. After a FW restart, the User Agent started working again.

The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries.

That is very interesting.So this means at last we may try restarting FW to solve problems...

Thanks for update.

L0 Member

If the issue is intermittent restart the management server

debug software restart process management-server

  • 1 accepted solution
  • 8057 Views
  • 11 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!