03-20-2022 11:39 PM - edited 03-20-2022 11:42 PM
Hi folks!
Would like your advice on a specific issue about user-id limitations:
One of our customers is using one central firewall to redistribute user-id mapping to more than 100 devices, and has issues with the user-id process crashing on the central fw.
As far as I understood the limitations on user-id redistribution, there is a limit of 100 redistribution points beneath each firewall, which is not the case, as this central fw is retrieving info from 2 user-id agents only. It just spreads this info to more than one hundred devices. Each remote device only has like 3 layers beneath it.
So, is this normal behavior, or is there a trick here to make it work?
Subsidiary question: the Windows user-id agent sometimes generates more than 150gb of traffic in a day (1gb maximum in normal times), if anyone has an idea 😉
Thx!
03-24-2022 02:05 AM
Hi @ssavariau,
What hardware are you running and what PAN-OS version?
Have you checked the firewall logs for a root cause of the UID crashing? Are there any core-files that can be analyzed?
Cheers,
-Kiwi.
03-24-2022 02:35 AM
Hi Kiwi,
Firewalls are a 3220 for the hub, and 220s for spoke, running on PAN-OS 9.0.0.
On the hub, the distributord process was shown as running, but we still had to run the CLI command "debug software restart process distributord" to make it functional again. At the time of this crash, an investigation was done, and that was the immediate solution found to correct it.
If we cannot spread user-id mapping to more than 100 devices from only one, we'll need to take a more hierarchical approach, I think?
Thx for your time!
Cheers
03-24-2022 05:49 PM
9.0 just went end of life at the beginning of this month, so you'll need to get these to 9.1 or higher sooner rather than later. If you choose to open a case on the issue, they'll tell you to upgrade before continuing to troubleshoot, I'm sure, so be aware of that. If you upgrade to a supported release and run into the issue again, then you can open a TAC case and have them identify root cause on why the process locked up; it could easily be some bug in the process you're running into.