200050 - Username Mapping Failed
Agent error code #200050 occurs when the Knocknoc agent attempts to map a username to an IP address on a Palo Alto Networks firewall, but the firewall rejects the request. User-ID mapping is a PAN-OS feature that associates usernames with IP addresses. User mapping occurs both when a Knocknoc grant is performed and when it is revoked, as a Login and a Logout event respectively.
Common causes for issues in this process are:
- The specified virtual system does not exist or doesn't have User-ID enabled
- The API key is valid for authentication but lacks specific permissions for User-ID operations
- The firewall has policies or configurations that reject the specific user-to-IP mapping
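To see the firewall's own rejection message, the Login and Logout mappings described above can be reproduced by hand against the PAN-OS XML API (type=user-id). This is an added example, not Knocknoc's code: it assumes the agent's request resembles the standard PAN-OS uid-message format, and the function names, user, IP address, API key placeholder and sample replies are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def build_uid_message(event, user, ip, timeout=None):
    """Build a PAN-OS User-ID <uid-message>: 'login' on grant, 'logout' on revoke."""
    if event not in ("login", "logout"):
        raise ValueError("event must be 'login' or 'logout'")
    msg = ET.Element("uid-message")
    ET.SubElement(msg, "version").text = "1.0"
    ET.SubElement(msg, "type").text = "update"
    payload = ET.SubElement(msg, "payload")
    entry = ET.SubElement(ET.SubElement(payload, event), "entry", name=user, ip=ip)
    if event == "login" and timeout is not None:
        entry.set("timeout", str(timeout))  # optional mapping timeout, login only
    return ET.tostring(msg, encoding="unicode")

def request_params(api_key, cmd, vsys=None):
    """Form fields to POST to https://<firewall>/api/ ; vsys selects the virtual system."""
    params = {"type": "user-id", "key": api_key, "cmd": cmd}
    if vsys:
        params["vsys"] = vsys
    return params

def summarize_response(xml_text):
    """Return (accepted, details) from the firewall's XML reply."""
    root = ET.fromstring(xml_text)
    # Per-entry failures may carry a message attribute; general errors sit under <msg>.
    details = [e.get("message") for e in root.iter("entry") if e.get("message")]
    for msg in root.iter("msg"):
        details += [t.strip() for t in msg.itertext() if t.strip()]
    return root.get("status") == "success", details

# Constructed sample replies (not captured from a real firewall).
SAMPLE_OK = '<response status="success"><result/></response>'
SAMPLE_REJECTED = ('<response status="error"><msg><line>'
                   'constructed sample: request rejected</line></msg></response>')

if __name__ == "__main__":
    cmd = build_uid_message("login", "corp\\alice", "192.0.2.10", timeout=60)
    print(request_params("API_KEY_PLACEHOLDER", cmd, vsys="vsys1"))
    print(summarize_response(SAMPLE_REJECTED))
```

Sending the same parameters with the API key the agent uses, and the vsys it is configured for, shows whether the rejection comes from the virtual system or from the key's permissions.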
Steps to Resolve
Check API Key Permissions for User-ID
See the Palo Alto setup guide: TODO for the specific permissions required for the API user to perform username mapping.
Username Mappings do not Appear in Panorama
If username mappings are sent to a target firewall through a Panorama instance, the User-ID events will not appear in Panorama. These events are found in the User-ID section of the underlying Palo Alto firewall.
Still Having Issues?
We can help you out. Contact us at support@knocknoc.io.