Troubleshooting

You can use the following CLI commands on the Palo Alto Networks firewall for troubleshooting:

•show user ip-user-mapping all— Displays the table of user identities mapped to IP addresses.

•show object registered-address all — Displays the table of addresses with user information associated.

For identity management using Palo Alto Networks firewall only minimum Admin role permissions are sufficient. Ensure that the XML API rights on the Palo Alto Networks UI is enabled as shown in the below screenshot.

Admin can choose to disable other options from the Web UI tab of the Palo Alto Networks UI as per the security requirement.