IP-User mappings are not redistributing from non-hub vsys to the hub vsys

Created On 06/02/23 19:53 PM - Last Modified 09/27/24 20:20 PM


Symptom


  • User traffic fails because the IP-user mapping is missing on the hub vsys
  • The user's mapping is present on the non-hub vsys but is not redistributed to the hub vsys
  • User-ID redistribution works from the hub vsys to the non-hub vsys


Environment


  • Palo Alto Firewalls
  • PAN-OS 10.2 or higher
  • Multi-vsys Environment
  • User-ID Redistribution


Cause




Resolution


  1. Set up the non-hub vsys to act as a client to Panorama.
  2. The hub vsys will then learn the IP-user mappings from Panorama.
  3. The mapping redistribution path is therefore non-hub vsys > Panorama > hub vsys.

