Palo Alto Networks Knowledgebase: User-IP Mappings Not Redistributed from Collector

User-IP Mappings Not Redistributed from Collector

2682
Created On 02/07/19 23:38 PM - Last Updated 02/07/19 23:39 PM
Resolution

Issue

A Palo Alto Networks firewall running PAN-OS 5.0.x can be configured to act as a User-ID Agent to share collected user mapping and group mapping information to other Palo Alto Networks devices. However, when a Palo Alto Networks firewall is configured as a User-ID Collector, the mappings received from User-ID Agents are not redistributed to the other Palo Alto Networks devices.

 

Resolution

The User-ID Collector redistributes only mappings that are collected locally by the User Mapping (Agentless User-ID) feature. User-IP mappings collected from User-ID Agents installed on Windows servers and from terminal server agents are not redistributed.

 

To configure User Mapping from the WebGUI, go to Device > User Identification > User Mapping

Note: The User-ID Collector should have User-ID Service enabled under an Interface Management (Network > Network Profiles > Interface Mgmt) profile.

   

owner: sdarapuneni



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm1KCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language