User-ID agent(s) down for Palo Alto Networks

Vendor

Palo Alto Networks

Description

If the active member of a cluster has one or more User-ID agents down, Indeni will alert.

Remediation Steps

Check why the User-ID agents listed are not communicating. Refer to https://live.paloaltonetworks.com/t5/Management-Articles/Useful-CLI-Commands-for-Troubleshooting-User-ID-Agent-Software/ta-p/58239 . Useful troubleshooting steps include: + 1. Verify if the user agent is connected and operational. + 2. Are there IP-to-username mappings? + 3. Has the firewall pulled groups from the User-ID agent? + 4. Verify the state of the LDAP servers - are they up?

How does this work?

This script uses the Palo Alto Networks API to retrieve the status of the high availability function of the firewall and specifically retrieves the local member's state.

Why is this important?

Tracking the state of a cluster member is important. If a cluster member which used to be the active member of the cluster no longer is, it may be the result of an issue. In some cases, it is due to maintenance work (and so was anticipated), but in others it may be due to a failure in the firewall or another component in the network.

Without Indeni how would you find this?

The status of high availability is visible in the web interface, as a widget on the main screen.

View Source Code
single