Uploaded by polarber

User-ID Agent-8.1.2-RN

advertisement
User-ID™ Agent 8.1 Release Notes
Release 8.1.2
paloaltonetworks.com/documentation
Contact Information
Corporate Headquarters:
Palo Alto Networks
3000 Tannery Way
Santa Clara, CA 95054
www.paloaltonetworks.com/company/contact-support
About the Documentation
• For the most recent version of this guide or for access to related documentation, visit the Technical
Documentation portal www.paloaltonetworks.com/documentation.
• To search for a specific topic, go to our search page www.paloaltonetworks.com/documentation/
document-search.html.
• Have feedback or questions for us? Leave a comment on any page in the portal, or write to us at
[email protected]
Copyright
Palo Alto Networks, Inc.
www.paloaltonetworks.com
© 2018-2018 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo
Alto Networks. A list of our trademarks can be found at www.paloaltonetworks.com/company/
trademarks.html. All other marks mentioned herein may be trademarks of their respective companies.
Last Revised
July 16, 2018
2 USER-ID™ AGENT 8.1 RELEASE NOTES |
Table of Contents
User-ID Agent 8.1 Release Information........................................................ 5
Features Introduced in User-ID Agent 8.1........................................................................................... 7
Changes to Default Behavior................................................................................................................... 8
System Requirements.................................................................................................................................9
Operating System (OS) Compatibility.................................................................................................. 10
Known Issues............................................................................................................................................. 11
User-ID Agent 8.1 Addressed Issues................................................................................................... 12
User-ID Agent 8.1.2 Addressed Issues...................................................................................12
User-ID Agent 8.1.1 Addressed Issues...................................................................................12
User-ID Agent 8.1.0 Addressed Issues...................................................................................13
Getting Help.......................................................................................................15
Related Documentation...........................................................................................................................17
Requesting Support.................................................................................................................................. 18
TABLE OF CONTENTS
iii
iv TABLE OF CONTENTS
User-ID Agent 8.1 Release Information
Revision Date: July 16, 2018
Review important information about Palo Alto Networks® Windows-based User-ID™ agent
software, including new features introduced, workarounds for open issues, and issues that are
addressed in User-ID agent 8.1 releases.
To ensure that you are viewing the most current version of these Release Notes, always defer
to the web version; do not store or rely on PDFs to be current after you download them.
>
>
>
>
>
>
>
Features Introduced in User-ID Agent 8.1
Changes to Default Behavior
System Requirements
Operating System (OS) Compatibility
Known Issues
User-ID Agent 8.1 Addressed Issues
Getting Help
5
6 USER-ID™ AGENT 8.1 RELEASE NOTES | User-ID Agent 8.1 Release Information
©
2018 Palo Alto Networks, Inc.
Features Introduced in User-ID Agent 8.1
The Windows-based User-ID™ Agent 8.1 release includes the following new feature.
New User-ID Agent
Feature
Description
Support for Multiple
Username Formats
When a user logs on to multiple services with different usernames,
User-ID sources send these usernames in multiple formats (for example,
[email protected], DOMAIN\jdoe, and jdoe). In this case, it can be
difficult to uniquely identify the user. To help you identify and consistently
enforce policy for these users, you can now configure the firewall to fetch
multiple attributes from an LDAP-compliant directory.
For more information, refer to the PAN-OS® 8.1 New Features Guide.
USER-ID™ AGENT 8.1 RELEASE NOTES | User-ID Agent 8.1 Release Information
©
7
2018 Palo Alto Networks, Inc.
Changes to Default Behavior
The Windows-based User-ID™ Agent 8.1 release has the following changes to default behavior.
Feature
Change
Support
for
Multiple
Username
Formats
• Since multiple username attributes are supported, you must select the Primary
Username attribute that you want to use for user identification.
• Previously, the firewall normalized usernames received from User-ID sources (such
as an LDAP directory) to the domain\username format. In PAN-OS® 8.1, when the
Primary Username is in UPN format, it will not be normalized as in previous PAN-OS
versions. As a result, usernames are displayed in their original format (for example,
[email protected]).
8 USER-ID™ AGENT 8.1 RELEASE NOTES | User-ID Agent 8.1 Release Information
©
2018 Palo Alto Networks, Inc.
System Requirements
The system where you install the Windows-based User-ID™ agent 8.1 release has the following minimum
requirements:
• CPU—4 cores
• Hard disk space—10MB
• Memory—4GB RAM
USER-ID™ AGENT 8.1 RELEASE NOTES | User-ID Agent 8.1 Release Information
©
9
2018 Palo Alto Networks, Inc.
Operating System (OS) Compatibility
You can install a Windows-based User-ID™ agent 8.1 release on a host computer that is running a
supported OS version and then connect the User-ID agent to a directory server that is also running
a supported OS version to enable the agent to monitor and obtain IP address-to-username mapping
information.
The User-ID agent is compatible with PAN-OS® 8.1 and earlier PAN-OS releases that Palo Alto Networks®
still supports. To see where you can install the User-ID agent and which servers it can monitor, see
additional compatibility information in the Palo Alto Networks Compatibility Matrix.
10 USER-ID™ AGENT 8.1 RELEASE NOTES | User-ID Agent 8.1 Release Information
©
2018 Palo Alto Networks, Inc.
Known Issues
The following table describes known issues in the Windows-based User-ID™ agent 8.1 release.
For recent updates to known issues for a given PAN-OS® release, refer to https://
live.paloaltonetworks.com/t5/Articles/Critical-Issues-Addressed-in-PAN-OS-Releases/tap/52882.
Issue ID
Description
WINAGENT-398
When the User-ID agent restarts, it loads the existing IP address-tousername mappings but with an incorrect username value if the username
has a space. The ability to fetch IP address-to-username mappings from AD
or other sources is not impacted even when usernames have a space.
WINAGENT-269
After receiving machine account names in UPN format from a Windowsbased User-ID agent, the firewall misidentifies them as user accounts
and overrides usernames with machine names in IP address-to-username
mappings.
This issue is now
resolved. See User-ID
Agent 8.1.1 Addressed
Issues.
USER-ID™ AGENT 8.1 RELEASE NOTES | User-ID Agent 8.1 Release Information
©
11
2018 Palo Alto Networks, Inc.
User-ID Agent 8.1 Addressed Issues
The following tables list the issues that are fixed in Windows-based User-ID™ agent 8.1 releases. For new
features, associated software versions, known issues, or changes in default behavior, see User-ID Agent 8.1
Release Information.
• User-ID Agent 8.1.2 Addressed Issues
• User-ID Agent 8.1.1 Addressed Issues
• User-ID Agent 8.1.0 Addressed Issues
For recent updates to addressed issues for a given PAN-OS® release, refer to https://
live.paloaltonetworks.com/t5/Articles/Critical-Issues-Addressed-in-PAN-OS-Releases/tap/52882.
User-ID Agent 8.1.2 Addressed Issues
Issue
Description
WINAGENT-355
Fixed an issue where a firewall integrated with
the AirWatch Mobile Device Manager (MDM) for
GlobalProtect™ couldn't process Host Information
Profile (HIP) reports received from the Windowsbased User-ID agent.
WINAGENT-343
Fixed an issue where the User-ID credential agent
failed to recognize users that were included in the
Domain Users group after adding the group to
the Allowed RODC Password Replication Group.
With this fix, the group ID is correctly added to the
LDAP query and the agent correctly recognizes
users in the Domain Users group.
WINAGENT-301
Fixed an issue where the User-ID agent incorrectly
added a backslash ( "\" ) character when mapping
and sending a username (with no associated
domain) to the firewall.
User-ID Agent 8.1.1 Addressed Issues
Issue
Description
WINAGENT-269
Fixed an issue where, after receiving machine
account names in UPN format from a Windowsbased User-ID agent, the firewall misidentified
them as user accounts and overrode usernames
with machine names in IP address-to-username
mappings.
WINAGENT-224
Fixed an issue where firewalls running PAN-OS
6.1 couldn’t connect to Windows-based User-ID
12 USER-ID™ AGENT 8.1 RELEASE NOTES | User-ID Agent 8.1 Release Information
©
2018 Palo Alto Networks, Inc.
Issue
Description
agent 8.1.0 because the agent didn’t allow TLSv1.0
connections. With this fix, User-ID agent 8.1.1
and later versions allow TLSv1.0 connections with
firewalls running PAN-OS 6.1.
User-ID Agent 8.1.0 Addressed Issues
The Windows-based User-ID Agent 8.1.0 release has no addressed issues.
USER-ID™ AGENT 8.1 RELEASE NOTES | User-ID Agent 8.1 Release Information
©
13
2018 Palo Alto Networks, Inc.
14 USER-ID™ AGENT 8.1 RELEASE NOTES | User-ID Agent 8.1 Release Information
Getting Help
The following topics provide information on where to find more about our products and how
to request support:
> Related Documentation
> Requesting Support
15
16 USER-ID™ AGENT 8.1 RELEASE NOTES | Getting Help
©
2018 Palo Alto Networks, Inc.
Related Documentation
Refer to the following PAN-OS® 8.1 documentation on the Technical Documentation portal at https://
www.paloaltonetworks.com/documentation for more information about the Palo Alto Networks® NextGeneration Security Platform:
• PAN-OS 8.1 Administrator’s Guide—Provides the concepts and solutions to get the most out of your
Palo Alto Networks next-generation firewalls. This includes taking you through the initial configuration
and basic set up on your Palo Alto Networks firewalls.
• PAN-OS 8.1 Web Interface Reference Guide—Describes how to administer the Palo Alto Networks
firewall using the web interface. The guide is intended for system administrators responsible for
deploying, operating, and maintaining the firewall.
• Palo Alto Networks Compatibility Matrix—Provides operating system and other compatibility
information for Palo Alto Networks next-generation firewalls, appliances, and agents, including where
you can install the User-ID™ agent and which servers it can monitor.
USER-ID™ AGENT 8.1 RELEASE NOTES | Getting Help
©
17
2018 Palo Alto Networks, Inc.
Requesting Support
For contacting support, for information on support programs, to manage your account or appliances, or to
open a support case, refer to https://www.paloaltonetworks.com/support/tabs/overview.html.
For the most current PAN-OS® and Panorama™ 8.1 release notes, go to https://
www.paloaltonetworks.com/documentation/81/pan-os/pan-os-release-notes.html.
To provide feedback on the documentation, please write to us at: [email protected]
18 USER-ID™ AGENT 8.1 RELEASE NOTES | Getting Help
Download
Random flashcards
State Flags

50 Cards Education

Countries of Europe

44 Cards Education

Art History

20 Cards StudyJedi

Sign language alphabet

26 Cards StudyJedi

Create flashcards