Hi guys, FWIW - my two cents: what UserID Agent sees, it will send to the firewall. If you see consistency between UIA and ip-to-user mappings on the firewall, then it is working as expected. To check this, go to the UserID Agent and find the username in the "monitoring" tab, then check for the same user on the firewall with "show user ip-user-mapping all | match username" and "show user ip-user-mapping-mp all | match username". Any user can be mapped to multiple IP addresses as in any environment, that is not an issue.

If you don't have mappings, review your AD logs, find logon events in AD for the wireless user and see if they contain an IP address. If there is a networking problem with the setup etc., test only on wifi and see what happens - follow the user by IP address through Monitor and figure out how come it is going through un-authorized. You can also impose a rule that allows only known users from the wifi zone, so they will have to authenticate.

I usually saw problems not consistent with group of users, when they are up to the mapping from big forest, and 9 out of 10 times it will be due to one or a few servers in the whole AD forest that are either not in sync with clock so they provide wrong logs or are mis-syncing info from other ADs for other reasons. But such problems usually do not target a single group or zone of users, they are more consistent across the whole domain.

To me, this sounds much more like a networking setup and authentication issue rather than a UserID problem... not convinced yet that it is a UIA problem. If it was random users from different networks I could buy a UserID problem, but consistent failure for wifi users smells much more like misconfiguration. You can always open a TAC case, the problem should be caught in one-two GTMs for sure.

Regards
Luciano
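The consistency check described in the post above, as an added example that is not part of the original post or any Palo Alto Networks tooling: it compares a saved copy of the firewall's "show user ip-user-mapping all" output against a list of mappings taken from the agent's monitoring tab. The column layout of the firewall output, the "ip,user" list format, all sample data and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of "show user ip-user-mapping all" output; column layout is an assumption.
FIREWALL_OUTPUT = """\
IP              Vsys   From    User                             IdleTimeout(s) MaxTimeout(s)
--------------- ------ ------- -------------------------------- -------------- -------------
10.20.0.15      vsys1  UIA     example\\alice                    2571           2571
10.20.0.16      vsys1  UIA     example\\bob                      1200           1200
10.30.0.40      vsys1  UIA     example\\alice                    900            900
10.30.0.41      vsys1  UIA     example\\dave                     300            300
Total: 4 users
"""
# Constructed agent-side list (ip,user), hand-copied from the agent's monitoring tab.
AGENT_LIST = """\
10.20.0.15,EXAMPLE\\alice
10.20.0.16,example\\bob
10.30.0.40,example\\alice
10.30.0.41,example\\carol
10.30.0.42,example\\erin
"""

# A mapping row: IPv4, vsys, source, user (no spaces assumed), two timeout counters.
ROW = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+\S+\s+\S+\s+(\S+)\s+\d+\s+\d+\s*$")

def parse_firewall(text):
    """Return {ip: user}; header, separator and total lines do not match ROW."""
    rows = (ROW.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2).lower() for m in rows if m}

def parse_agent(text):
    """Return {ip: user} from 'ip,user' lines, lower-cased for comparison."""
    pairs = (line.split(",", 1) for line in text.splitlines() if "," in line)
    return {ip.strip(): user.strip().lower() for ip, user in pairs}

def compare(agent, firewall):
    """Flag agent mappings the firewall lacks or disagrees with; list multi-IP users."""
    missing = sorted(ip for ip in agent if ip not in firewall)
    mismatch = sorted(ip for ip in agent if ip in firewall and firewall[ip] != agent[ip])
    by_user = defaultdict(list)
    for ip, user in firewall.items():
        by_user[user].append(ip)
    multi = {u: sorted(ips) for u, ips in by_user.items() if len(ips) > 1}
    return {"missing_on_firewall": missing, "user_mismatch": mismatch, "multi_ip_users": multi}

if __name__ == "__main__":
    print(compare(parse_agent(AGENT_LIST), parse_firewall(FIREWALL_OUTPUT)))
```

Entries under multi_ip_users are informational only, since one user on several IP addresses is expected; the other two lists are the inconsistencies worth following up.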