Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who Me Too'd this topic

Source user not showing in traffic logs

Not applicable

I have the agentless user-id configured in my PA-500, software is 5.0.4.  If I do a "show user ip-user-mapping all", it retrieves a list of usernames.  However, in my traffic logs (which is currently only limited to a few machines that are running through it), there is almost no log entries with a source user listed.

  • Most of the entries are a PC in another site connected via MPLS private connection through one of my two ISPs.  I think these entries may not be showing a user ID in the traffic log because they are originating from an untrust zone (ISP #2), even though the subnet they are coming from is allowed where User-ID is enabled on zones (the trust zones).  Is this correct?  If so, how can I get the users to be logged for this subnet?
  • My own PC is also not logging a source user in the traffic logs.  I'm not sure why.  My IP nor user mapping is listed in the "show user ip-user-mapping all" either.  Is it because I use my PC to login to the admin interface of the firewall?
Who Me Too'd this topic