topic Identity Awareness randomly loosing identitys in Firewall and Security Management

Identity Awareness randomly loosing identitys

lesmona — Fri, 05 Sep 2025 07:29:31 GMT

Hello everyone, I use Identity Awareness on all our gateways. We get the identities from the Identity Collector, which I installed on each domain controller. Most locations have only one DC. The problem I'm having is at the main site. I have three domain controllers with three Identity Collectors there. It's working quite well so far, but unfortunately, sometimes individual users lose their identity. From one second to the next. I then see in the log that only the IP address is displayed and no longer the username! I've attached a screenshot of the log. In this example, the user "Emanuel" suddenly loses his "identity." This is, of course, extremely unfortunate, since our rules are based entirely on Identity Awareness. I checked in the CLI whether the gateway still recognizes the user and has the correct IP assignment. Result: Yes, everything is still there. The IP address matches the username. Nevertheless, as you can see, he falls into a drop rule. I suspect it's a timeout issue. Perhaps an idle timeout? I just can't find a way to increase the timeout. Or am I on the wrong track and do you have another solution? Thank you very much for your help.

Re: Identity Awareness randomly loosing identitys

PhoneBoy — Fri, 05 Sep 2025 17:20:54 GMT

Without knowing more about your environment, which includes:

Version/JHF of gateways and management
Version of Identity Collector
The relationship between Identity Collector, Active Directory, and Gateways

It's hard to know where to start on this.
The actual log in/out events, which are shown in the screenshot provided, should be reviewed to see if they provide any clues.
You will need to see the full log card.

Re: Identity Awareness randomly loosing identitys

the_rock — Sun, 07 Sep 2025 19:21:04 GMT

This is the IA debug TAC gave me while back, so you can definitely run it and see if it helps. I do agree with Phoneboy that we need full log details, just blour out any sentisive data.

Andy

debugs:

# cd $FWDIR/log
# rm pdpd.elg.*
# echo "=debug_start=" >> $FWDIR/log/pdpd.elg
(•) To turn pdp debug on:
# adlog a d on
# pdp debug on
# pep debug on
# pdp debug set all all
(•) Replicate the issue
(•) To turn them off:
# adlog a d off
# pdp debug unset all all
# pdp debug off
# pep debug off
# pdp d reset
# pep d unset all all
Collect debug:
$FWDIR/log/pdpd.elg
# tar zcvf pdpd_debugs.tgz pdpd.elg*
# tar zcvf pepd_debugs.tgz pepd.elg*

Re: Identity Awareness randomly loosing identitys

lesmona — Mon, 08 Sep 2025 14:15:20 GMT

Hello everyone,
I've learned something new: the "pdp control sync" command fixes my problem, and it works again immediately. Now, of course, the question is why the database isn't replicating properly in the cluster system with R81.20 Take 113. Are there any settings or something similar?

Re: Identity Awareness randomly loosing identitys

the_rock — Mon, 08 Sep 2025 14:06:43 GMT

Just tried it on both R81.20 and R82. but get below...

Andy

[Expert@CP-FW-01:0]# pep control sync
Command: root->control
Unknown option: sync

Available options:
portal_dual_stack - portal dual stack (IPv4 and IPv6) support
extended_info_storage - should the PEP store extended identities info for debugging or not
tasks_manager - the task manager menu
kbuf_cache - Kbuf cache configuration
gbuf_cache - Gbuf cache configuration
identity_cache_mode - Identity Cache mode configuration

[Expert@CP-FW-01:0]#

Re: Identity Awareness randomly loosing identitys

lesmona — Mon, 08 Sep 2025 14:11:05 GMT

sorry : pdp control sync

Re: Identity Awareness randomly loosing identitys

the_rock — Mon, 08 Sep 2025 14:12:26 GMT

Thats better : - )

[Expert@CP-FW-01:0]# pdp control sync
a sync message will be sent to relevant gateways
[Expert@CP-FW-01:0]#

Re: Identity Awareness randomly loosing identitys

lesmona — Tue, 09 Sep 2025 07:29:12 GMT

I have to manually initiate the sync every now and then. Is there a way to check why this is happening? I can't do this manual sync multiple times a day when it should happen automatically.

Re: Identity Awareness randomly loosing identitys

the_rock — Tue, 09 Sep 2025 10:22:45 GMT

How often though?

Andy

Re: Identity Awareness randomly loosing identitys

lesmona — Tue, 09 Sep 2025 11:39:57 GMT

today like 10 times.

Re: Identity Awareness randomly loosing identitys

the_rock — Tue, 09 Sep 2025 11:41:44 GMT

That is not normal, for sure. I would open TAC case to investigate.

Re: Identity Awareness randomly loosing identitys

PhoneBoy — Tue, 09 Sep 2025 15:13:02 GMT

Running the command periodically via cron might be a good idea in the short term while you investigate the issue with TAC,