User-ID CLI and XML API Changes

PAN-OS® 8.0 has the following CLI and XML API changes for User-ID™ features:
Feature
Change
IP address-to-username mapping
  • The operational command to clear User-ID mappings for all IP addresses or a specific IP address has changed:
    • PAN-OS 7.1 and earlier releases:
      > clear user-cache {all | ip}
    • PAN-OS 8.0 release:
      > clear ipuser-cache {all | ip}
  • The User-ID commands to clear user mappings from the dataplane have changed:
    • PAN-OS 7.1 and earlier releases:
      > clear uid-gids-cache uid <1-2147483647>
      > clear uid-gids-cache all
    • PAN-OS 8.0 release:
      > clear uid-cache uid <1-2147483647>
      > clear uid-cache all
PAN-OS integrated User-ID agent
CLI commands related to configuring the User-ID agent must now include host-port:
  • PAN-OS 7.1 and earlier releases:
    # set user-id-agent <name> host {<ip/netmask> | <value>}
    # set user-id-agent <name> port <1-65535>
    # set user-id-agent <name> ntlm-auth {yes | no}
    # set user-id-agent <name> ldap-proxy {yes | no}
    # set user-id-agent <name> collectorname <value>
    # set user-id-agent <name> secret <value>
  • PAN-OS 8.0 release:
    # set user-id-agent <name> host-port host {<ip/netmask> | <value>}
    # set user-id-agent <name> host-port port <1-65535>
    # set user-id-agent <name> host-port ntlm-auth {yes | no}
    # set user-id-agent <name> host-port ldap-proxy {yes | no}
    # set user-id-agent <name> host-port collectorname <value>
    # set user-id-agent <name> host-port secret <value>

Related Documentation