How many firewalls can the Windows-based User-ID agent handle?

Created On 12/13/24 16:00 PM - Last Modified 06/26/25 18:09 PM


Question


How many firewall connections are allowed by the Windows-based User-ID agent, and what happens when the User-ID agent is overloaded?



Environment


  • Palo Alto Firewalls
  • Supported PAN-OS versions
  • Windows-based User-ID agent (UIA)
  • More than 50 firewalls are connected to the UIA


Answer


  1. The Windows-based User-ID agent can handle up to 50 firewalls.
  2. If there are more than 50 firewalls, the UIA rejects and closes TCP connections.
  3. The following logs can be seen in the UIA "UaDebug.log" file:

[ Info 1304]: New connection 10.30.110.25 : 44338.
[ Warn 1309]: Max connection reached!!!!
[ Info 1304]: New connection 10.30.138.25 : 59148.
[ Warn 1309]: Max connection reached!!!!
[Error  618]: st->buf[st->index], sizeof(st->buf[st->index]))() failed
[Error  441]: Failed to compose ip-users msg with 4 add 0 delete. error -17
[ Info 1304]: New connection 10.30.68.25 : 34924.
[ Warn 1309]: Max connection reached!!!!
[Error  618]: st->buf[st->index], sizeof(st->buf[st->index]))() failed
[Error  175]: Failed to compose log msg with 74 logs. error -17

  4. The firewall "useridd.log" shows TCP error number 150, as shown below:
> less mp-log useridd.log
.....
Error: pan_ssl_conn_open(pan_ssl_utils.c:755): pan_tcp_sock_open() to 10.45.10.101 port 31337 failed; errno=150
Error: pan_ssl_conn_open(pan_ssl_utils.c:843): Error: Failed to Connect to 10.1.3.201(source: 10.50.112.25), SSL error: error:00000000:lib(0):func(0):reason(0)(5)
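
To find which firewalls the agent is turning away, the "UaDebug.log" entries above can be summarized per source IP. The following Python script is an added example, not Palo Alto Networks code; it assumes that a "Max connection reached" warning refers to the "New connection" line logged just before it, and the sample log and its IP addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample in the UaDebug.log format shown above (IPs are made up).
SAMPLE = """\
[ Info 1304]: New connection 192.0.2.10 : 44338.
[ Warn 1309]: Max connection reached!!!!
[ Info 1304]: New connection 192.0.2.11 : 59148.
[ Info 1304]: New connection 192.0.2.10 : 44340.
[ Warn 1309]: Max connection reached!!!!
[Error  441]: Failed to compose ip-users msg with 4 add 0 delete. error -17
[Error  175]: Failed to compose log msg with 74 logs. error -17
"""

# "[ Warn 1309]: message" -> level, numeric code, message
LINE = re.compile(r"^\[\s*(\w+)\s+(\d+)\]:\s*(.*)$")
NEW_CONN = re.compile(r"New connection\s+(\S+)\s*:\s*(\d+)")

def summarize(text):
    """Count rejected connection attempts per source IP and compose failures."""
    rejected, unflagged = Counter(), Counter()
    compose_failures = 0
    pending = None  # IP of the last "New connection" not yet followed by a warning
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognized line
        level, _code, msg = m.groups()
        conn = NEW_CONN.search(msg)
        if conn:
            if pending:  # previous connection was never flagged
                unflagged[pending] += 1
            pending = conn.group(1)
        elif level == "Warn" and "Max connection reached" in msg:
            if pending:  # assumption: warning belongs to the preceding connection
                rejected[pending] += 1
                pending = None
        elif level == "Error" and "Failed to compose" in msg:
            compose_failures += 1
    if pending:
        unflagged[pending] += 1
    return {"rejected": dict(rejected), "unflagged": dict(unflagged),
            "compose_failures": compose_failures}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A firewall IP that keeps appearing under "rejected" is one that should be moved to another agent so that the agent stays within the 50-firewall limit.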


