Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

What DROPS User -> IP Mappings

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

What DROPS User -> IP Mappings

L4 Transporter

Hi,

For no apparent reason my AD account is not generating reliable User->IP mappings via the UserID agent - after working fine for weeks.

As part of my investigations into this I can see that my User->IP map is being generated, appearing on the UserID agent list and being listed on the Palo Alto itself; then it will just disappear from both (I've been able to time it from appearing when I access a mapped drive, to dropping off, at less than 10 seconds).

Logically there must be some mechanism to purge user->IP maps - logoff AD events? - before the configured timeout value, but I can't find any descriptions, or how to diagnose an issue with this.

Anyone else had this issue - or similar?

Ta

1 accepted solution

Accepted Solutions

L4 Transporter

After some initial investigations, turning OFF 'Server Session Read' in the agents appears to have stopped the unreliable mapping.

This appears to be linked to the Agent removing known maps if they disagree with the info coming back from the server session table.  I am concerned that this fixes one problem and will create another, as the long term stability is likely going to be compromised if we cannot rely on the GPO update cycles to maintain the maps.

Does this ring any bells with people - seen it before, know why accurate maps are being removed by the server session tracking function?

Rgds

View solution in original post

2 REPLIES 2

L4 Transporter

After some initial investigations, turning OFF 'Server Session Read' in the agents appears to have stopped the unreliable mapping.

This appears to be linked to the Agent removing known maps if they disagree with the info coming back from the server session table.  I am concerned that this fixes one problem and will create another, as the long term stability is likely going to be compromised if we cannot rely on the GPO update cycles to maintain the maps.

Does this ring any bells with people - seen it before, know why accurate maps are being removed by the server session tracking function?

Rgds

Hello,


If you are running a multi-domain environment having 'Server Session Read' enabled can cause unreliable mappings. The reason for this is windows session reading does not contain domain info for the session.

- Stefan

  • 1 accepted solution
  • 2780 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!