What does the version number mean for Redistribution Clients?

What does the version number mean for Redistribution Clients?

6213
Created On 08/16/23 21:14 PM - Last Modified 08/18/23 22:39 PM


Question


Why do some Redistribution Clients have V5 and some have V6? Can the version be changed?

Environment


  • Palo Alto Firewalls
  • PAN-OS 9.1 or higher
  • User-ID Redistribution

Answer


  1. The number represents the redistribution protocol version. Not the User-ID agent version.
  2. PAN-OS 9.1 and earlier used redistribution protocol V5.
  3. PAN-OS 10.0 and higher, a new daemon distributord was introduced and therefore, the redistribution protocol was changed to V6.
  4. Redistribution protocol V6 remains compatible with redistribution protocol V5.
  5. The version depends on Redistribution Client and Agent. If both Redistribution Clients are running PAN-OS 10.0 or greater, then V6 will be used.
  6. If ether Redistribution Client or Agent are running PANOS 9.1 or earlier, then version V5 will be used.
  7. There is no way to manually change the protocol.
  8. Below is a sample output of the CLI command used to see the version.
> show redistribution service client all

IP address/port                               Vsys-ID Version Status           Redistribution
---------------------------------------------------------------------------------------------
10.46.33.191/56190                            1       5       idle                           
10.46.34.154/38874                            1       6       idle             ITU     

Redistribution: 'I': IP User Mapping
Redistribution: 'T': IP Tag
Redistribution: 'U': User Tag
Redistribution: 'H': HIP Report
Redistribution: 'Q': Quarantine


Additional Information


​​​​​​
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000g248CAA&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language