I have the agentless User-ID configured on my PA-500; software is 5.0.4. If I do a "show user ip-user-mapping all", it retrieves a list of usernames. However, in my traffic logs (which are currently limited to only a few machines that are running through it), there are almost no log entries with a source user listed.
- Most of the entries are from a PC in another site connected via MPLS private connection through one of my two ISPs. I think these entries may not be showing a user ID in the traffic log because they are originating from an untrust zone (ISP #2), even though the subnet they are coming from is allowed where User-ID is enabled on zones (the trust zones). Is this correct? If so, how can I get the users to be logged for this subnet?
- My own PC is also not logging a source user in the traffic logs. I'm not sure why. My IP and user mapping are not listed in the "show user ip-user-mapping all" output either. Is it because I use my PC to log in to the admin interface of the firewall?