Skip to main content

200050 - Username Mapping Failed

Agent error code #200050 occurs when the Knocknoc agent attempts to map a username to an IP address on a Palo Alto Networks firewall, but the firewall rejects the request. User-ID mapping is a PAN-OS feature that associates usernames with IP addresses. User mapping occurs when performing both a Knocknoc grant and revoking a Knocknoc grant, with a Login and Logout event respectively.

Common causes for issues in this process are:

  • The specified virtual system does not exist or doesn't have User-ID enabled
  • The API key is valid for authentication but lacks specific permissions for User-ID operations
  • The firewall has policies or configurations that reject the specific user-to-IP mapping

Steps to Resolve

Check API Key Permissions for User-ID

See the Palo Alto setup guide for the specific permissions required for the API user to perform username mapping.

Username Mappings do not Appear in Panorama

If username mappings are sent to a target firewall through a Panorama instance, the User-ID events will not appear in Panorama. These events are found in the User-ID section of the underlying Palo Alto firewall.

Still Having Issues?

We can help you out, contact us at support@knocknoc.io.

Back to top