Palo Alto Networks Knowledgebase: Troubleshooting User-ID: Group and User-to-IP Mapping

Troubleshooting User-ID: Group and User-to-IP Mapping

25642
Created On 07/29/19 17:23 PM - Last Updated 07/29/19 17:51 PM
Resolution

Overview

Group mapping and user-IP mapping are two primary functions of User-ID.  Group mapping associates groups with their user members and user-IP (or IP-user) mapping associates IP addresses to users.

The attached document covers troubleshooting tips for common User-ID configuration issues around group mapping and user-IP mapping. The document covers issues such as:

  • Group mapping not pulled from AD/LDAP
  • No user-to-IP mappings present from User-ID agent
  • No user-to-IP mappings present from captive portal
  • IP mappings are created but disappear too soon
  • Incorrect IP mapping for some users with User-ID agent or agentless User-ID
  • Unknown or no users in traffic logs
  • Increased traffic chatter/congestion

A section at the end of the document describes some commonly used CLI commands for User-ID.

Also, links to useful articles in the Palo Alto Networks Support Knowledge Base are provided throughout the document.

owner: sjamaluddin, jteetsel



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cli5CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language