What DROPS User -> IP Mappings

Hi,

For no apparent reason my AD account is not generating reliable User->IP mappings via the UserID agent - after working fine for weeks.

As part of my investigations into this I can see that my User->IP map is being generated, appearing on the UserID agent list and being listed on the Palo Alto itself; then it will just disappear from both (I've been able to time it from appearing when I access a mapped drive, to dropping off, at less than 10 seconds).

Logically there must be some mechanism to purge user->IP maps - logoff AD events? - before the configured timeout value, but I can't find any descriptions, or how to diagnose an issue with this.

Anyone else had this issue - or similar?

Ta


Accepted Solutions
Re: What DROPS User -> IP Mappings

After some initial investigations, turning OFF 'Server Session Read' in the agents appears to have stopped the unreliable mapping.

This appears to be linked to the Agent removing known maps if they disagree with the info coming back from the server session table.  I am concerned that this fixes one problem and will create another, as the long term stability is likely going to be compromised if we cannot rely on the GPO update cycles to maintain the maps.

Does this ring any bells with people - seen it before, know why accurate maps are being removed by the server session tracking function?

Rgds



All Replies
Re: What DROPS User -> IP Mappings

Hello,


If you are running a multi-domain environment, having 'Server Session Read' enabled can cause unreliable mappings. The reason for this is that Windows session reading does not contain domain info for the session.

- Stefan
