All. I would like to comment on this discussion. Since we are all using the User Identification Agent on a remote box, one thing to check would be the LOGONSERVER for your username by running the SET command in a command prompt window. That LOGONSERVER is managing the security events for your username and if the User Identification Agent on the remote machine does not have the same LOGONSERVER IP Address in the configuration, then it won't be looking at the right server for your security events. I was just about to update our UIA software before being told to look at this from PAN Support. Our UIA software is still on version 3.1.4. After double-checking the IP Address of the LOGONSERVER and making sure that it was inserted into the Domain Controller section, my user-ip-mapping was successful. Hope all is fixed for you.
... View more
I have had to upgrade both my firewalls and Panorama from 4.1.9 to 4.1.10 about a week ago. I updated the firewalls and subsequently cleared the logs for them, however, I failed to do that with the Panorama. Yesterday, I realized this important missed step and subsequently went to export the current logs. The transfer finished this morning and I then began to clear the traffic and threat logs from the Panorama. Now that you have the story, my question is this: How long does it take for the Panorama to start backfilling the traffic and threat logs from the active firewalls? It was my understanding that the active firewalls would begin to send the historical log data to the Panorama. But what time does this activity start? I know there is no exact time of when this is supposed to happen but is there a rough guess-timate?
... View more