User-ID agent(s) down for Palo Alto Networks

Vendor

Palo Alto Networks

Description

If the active member of a cluster has one or more User-ID agents down, Indeni will alert.

Remediation Steps

Check why the User-ID agents listed are not communicating. Refer to https://live.paloaltonetworks.com/t5/Management-Articles/Useful-CLI-Commands-for-Troubleshooting-User-ID-Agent-Software/ta-p/58239 . Useful troubleshooting steps include: + 1. Verify if the user agent is connected and operational. + 2. Are there IP-to-username mappings? + 3. Has the firewall pulled groups from the User-ID agent? + 4. Verify the state of the LDAP servers - are they up?

How does this work?

This alert uses the Palo Alto Networks API to retrieve the current status of the User-ID agents (the equivalent of running "show user user-id-agent state all" in CLI).

Why is this important?

This alert uses the Palo Alto Networks API to retrieve the current status of the User-ID agents (the equivalent of running "show user user-id-agent state all" in CLI).

Without Indeni how would you find this?

An administrator can log into the web interface to determine the status of the agents. Normally, this would be a result of an outage reported, pertaining to certain users' access to network resources.


View Source Code