User-ID CLI and XML API Changes

PAN-OS® 8.0 has the following CLI and XML API changes for User-ID™ features:
Feature
Change
IP address-to-username mapping
  • The operational command to clear User-ID mappings for all IP addresses or a specific IP address has changed:
    • PAN-OS 7.1 and earlier releases:
      >
      clear user-cache {all | ip}
    • PAN-OS 8.0 release:
      >
      clear ipuser-cache {all | ip}
  • The User-ID commands to clear user mappings from the dataplane have changed:
    • PAN-OS 7.1 and earlier releases:
      >
      clear uid-gids-cache uid
      <1-2147483647>
      >
      clear uid-gids-cache all
    • PAN-OS 8.0 release:
      >
      clear uid-cache uid
      <1-2147483647>
      >
      clear uid-cache all
PAN-OS integrated User-ID agent
CLI commands related to configuring the User-ID agent must now include
host-port
:
  • PAN-OS 7.1 and earlier releases:
    #
    set user-id-agent
    <name>
    host {
    <ip/netmask>
    |
    <value>
    }
    #
    set user-id-agent
    <name>
    port
    <1-65535>
    #
    set user-id-agent
    <name>
    ntlm-auth {yes | no}
    #
    set user-id-agent
    <name>
    ldap-proxy {yes | no}
    #
    set user-id-agent
    <name>
    collectorname
    <value>
    #
    set user-id-agent
    <name>
    secret
    <value>
  • PAN-OS 8.0 release:
    #
    set user-id-agent
    <name>
    host-port host {
    <ip/netmask>
    |
    <value>
    }
    #
    set user-id-agent
    <name>
    host-port port
    <1-65535>
    #
    set user-id-agent
    <name>
    host-port ntlm-auth {yes | no}
    #
    set user-id-agent
    <name>
    host-port ldap-proxy {yes | no}
    #
    set user-id-agent
    <name>
    host-port collectorname
    <value>
    #
    set user-id-agent
    <name>
    host-port secret
    <value>

Related Documentation