Palo Alto Networks has this awesome program called the User Identification Agent, aka the User-ID Agent. It allows you to identify which device a user is using, allowing you to craft security policy rules based on the users themselves.
In this post, I will show you step-by-step how to upgrade the Palo Alto Networks User-ID Agent.
Prerequisites
- Verify that the new User-ID agent version is compatible with your current PAN-OS.
The User-ID Agent is typically compatible with the same release number along with earlier still-supported PAN-OS versions. For example, User-ID agent 11.0 works with PAN-OS 11.0 and earlier. You can confirm this by reading the OS Compatibility section in the release notes.
The Process
- Log in to the Palo Alto Networks Customer Support Portal.
- Click on Updates.
- Click on Software Updates.
- Select the User Identification Agent.
- Click on the version you need to start the download.
- Connect to the server that is running the Palo Alto User-ID Agent.
- Open Services.
- Stop the User-ID Agent service.
- Backup the current User-ID Agent configuration by zipping the User-ID Agent install folder and saving the Zip file in another location.
Typically the User-ID agent is installed to C:\Program Files (x86)\Palo Alto Networks\User-ID Agent
- Start installing the new version of the User-ID Agent.
- Click Next.
- Select the install folder to which the User-ID agent is installed and click Next.
- Start the installation by clicking Next.
- Wait while the new Palo Alto User-ID agent is installed over the existing User-ID agent.
- Click Close to exit the installer.
- Confirm that the User-ID Agent service is running.
- Open the User-ID Agent program.
- Confirm that everything is connected and all your configurations from the old version are present.
If you are running a Palo Alto firewall in HA in the Active/Passive configuration, only the active firewall will show as connected.
- Login to the Palo Alto Networks firewall.
- Click on Device.
- Click on Data Redistribution.
- Confirm that the Data Redistribution agents are connected.
That’s all it takes to upgrade the Palo Alto Networks User-ID Agent.
If you want to read more about the Palo Alto Network User-ID Agent upgrade, here is the Palo Alto knowledge base article and if you want to read more about User-ID in general here is the Palo Alto documentation.
