No User-ID mapping from an included network

No User-ID mapping from an included network

386
Created On 02/21/22 04:01 AM - Last Modified 10/27/25 16:47 PM


Symptom


  • The User-ID mapping is missing for some included networks.
  • For instance, in the situation below, 2 networks are included in User-ID mapping.
  • The User-ID mapping is present for the lan-1 (UserA - 192.168.1.10) but not for the new lan (UserB - 192.168.2.10).


User-ID configured with included networks.

Environment


  • PAN-OS
  • User-ID Agentless with Include/Exclude list.

Cause


The Network object is not in the Custom Include/Exclude Sequence.


The network is not present in the custom Include/Network Sequence.

Resolution


To add the missing Network object in the custom Include/Exclude sequence :

  1. Go to Device>User Identification.
  2. Click Custom Include/Exclude Network Sequence.


Open the Custom Include/Exclude Network Sequence.

 

  1. Click Add.
  2. Select the Network Object to add.
  3. Click OK.
  4. Commit the configuration.


Select the Network Object to add in the Sequence.

Additional Information


PAN-OS Documentation - Include or Exclude Subnetworks for User Mapping
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004NICCA2&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail