User ID agents showing as red

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

User ID agents showing as red

L3 Networker

I have 3 separate domains on my network and they are not trusted together.  On my main domain where the firewall is installed the agent shows green, however when I install the agent under the remote domains (on different subnets across the country) the icon is red.  The settings match my 2 main domain controllers that are working.  When I look at the remote DCs they are reading the log files.  Also port 5007 is reachable from the outside.  Any thoughts on why they aren't connecting?  I am not seeing any details as to why.

22 REPLIES 22

L5 Sessionator

Hi,

Try to configure different port for each agent on your palo

AD1 - port 5007

AD2 - port 5008

AD3 - port 5009

and of course be sure that your palo is able to contact each of your agent 🙂 through the management interface by default

Should solve your issue

V.

I am using the Windows agent (not the one on the PAN) are you suggesting that I change the port on my remote DCs?

Hi,

no, just in both palo (device / User Identification / User-IDAgent) and on each agent, just the comunication port. No change on the AD

V.

I have the agents running on my remote domain controllers.  I changed to port 5008 on a remote domain controller (where the agent is running) and to 5008 on the PAN.  Still showing red.

sure that communication on port 5008 is possible from management interface on the palo and your remote AD ?

No FW on the AD ?

Which Pa model ?

Which version on the PA ?

Which version on the agent ?

V.

I can ping between management interface and remote DCs and open a telnet session to the remote agent ports.  I am running a 3020 with version 5.0.5.  Also the agent is the latest 5.0.4-5

Please run

show user user-id-agent state Name-Agent

show user user-id-agent statistics

V.

Host: 172.16.109.2:5009

        Status: not-conn:idle(Error: Failed to connect to User-ID-Agent at 172.16.109.2(172.16.109.2):5009)

        num of connection tried                           : 75

        num of connection succeeded                 : 0

        num of connection failed                          : 75

REMOTESVR1          172.16.109.2    5009  vsys1   not-conn:Connecting 0

Either something is blocked between manegemnt and remote agent (something in logs ?) or it's a bug then  contact your local SE.

V.

L6 Presenter

do you have a security rule for your management ip ?

since they are not trusted try to add a rule for management at top (if you don't have)

and see what you see in monitor logs for destination ip filter address of 2 agents seperately

Do you have any service route configuration ? also check if you are using management port for everything or not ?

I do not have any security rules currently for my management IP.  All user-id agents are coming from the Inside trusted zone.  I am noticing that the PAN is dropping traffic for these when running a packet capture.  When I configure the service route for user-id agent traffic and use my LAN interface instead of management all agents are working and connect.  I am not sure where the PAN is dropping traffic however.

so write a rule for management ip

I'll try this, but what zone would I use for the management IP?

if it's default gateway is in LAN zone then it'll be LAN zone.You can write any any with source ip only.

  • 9108 Views
  • 22 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!