10-21-2014 04:25 AM
We are using 4 User-id Agents and today some users started experiencing problems with certain sites they use. The same sites for all users.... but not all sites. We have many ad group based rules and some are still working while others seem to have stopped working.
Looking at the logs I see their userid isn't detected for the blocked traffic but it is for other traffic. Also different AD groups are used by different users and the common factor seems to be the destination IP rather than the AD group used to access it.
Nothing appears to have changed and the there is only one userid mapped to the IP of the user. Some users have regained access after logging out and back in... but this has not worked for eveyone. User-ID agents have all been restarted and don't show any problems as far as I can tell.
I'm at a bit of a loss as to how to troubleshoot this really so any help would be appreciated.
Firewalls are PA-5050's running 5.0.7
