Palo Alto User-ID Agent Upgrade

Palo Alto User-ID Agent Upgrade
Palo Alto User-ID Agent Upgrade

Palo Alto Networks has this awesome program called the User Identification Agent, aka the User-ID Agent. It allows you to identify which device a user is using, allowing you to craft security policy rules based on the users themselves.

In this post, I will show you step-by-step how to upgrade the Palo Alto Networks User-ID Agent.

Prerequisites

  • Verify that the new User-ID agent version is compatible with your current PAN-OS.

The User-ID Agent is typically compatible with the same release number along with earlier still-supported PAN-OS versions. For example, User-ID agent 11.0 works with PAN-OS 11.0 and earlier. You can confirm this by reading the OS Compatibility section in the release notes.

The Process

  • Log in to the Palo Alto Networks Customer Support Portal.
  • Click on Updates.
  • Click on Software Updates.
  • Select the User Identification Agent.
  • Click on the version you need to start the download.
  • Connect to the server that is running the Palo Alto User-ID Agent.
  • Open Services.
  • Stop the User-ID Agent service.
  • Backup the current User-ID Agent configuration by zipping the User-ID Agent install folder and saving the Zip file in another location.

Typically the User-ID agent is installed to C:\Program Files (x86)\Palo Alto Networks\User-ID Agent

  • Start installing the new version of the User-ID Agent.
  • Click Next.
  • Select the install folder to which the User-ID agent is installed and click Next.
  • Start the installation by clicking Next.
  • Wait while the new Palo Alto User-ID agent is installed over the existing User-ID agent.
  • Click Close to exit the installer.
  • Confirm that the User-ID Agent service is running.
  • Open the User-ID Agent program.
  • Confirm that everything is connected and all your configurations from the old version are present.

If you are running a Palo Alto firewall in HA in the Active/Passive configuration, only the active firewall will show as connected.

  • Login to the Palo Alto Networks firewall.
  • Click on Device.
  • Click on Data Redistribution.
  • Confirm that the Data Redistribution agents are connected.

That’s all it takes to upgrade the Palo Alto Networks User-ID Agent.

If you want to read more about the Palo Alto Network User-ID Agent upgrade, here is the Palo Alto knowledge base article and if you want to read more about User-ID in general here is the Palo Alto documentation.

One response to “Palo Alto User-ID Agent Upgrade

Leave a comment

Your email address will not be published. Required fields are marked *