topic User ID firewall integration with mapping server or AD in Next-Generation Firewall Discussions https://live.paloaltonetworks.com/t5/next-generation-firewall/user-id-firewall-integration-with-mapping-server-or-ad/m-p/523101#M640 <P>Have to enable User-ID for corporates users. Not able to locate documentation around best practices for user id. for&nbsp; example in my scenario.</P> <P>&nbsp;</P> <P>we have one domain xyz.com with 50 domain controllers to monitor. we have winRM installed on all the domain controllers. So we will be considering doing agentless user id integration.</P> <P>&nbsp;</P> <P>my questions are following.</P> <P>&nbsp;</P> <P>&gt; Can firewall PA 5250 integrate directly with active directory server using LDAP and capable of monitoring 50 domain controllers using winRM?&nbsp;</P> <P>&gt; Should we consider having user mapping server which will be integrating with AD server using LDAP and firewall will just monitor 2 user mapping servers (primary &amp; secondary)?&nbsp;</P> <P>&gt; what are the issue that we may experience with any of the setup in operations?</P> <P>&gt; what are other best alternative we can explore?</P> Fri, 02 Dec 2022 04:18:05 GMT Sukhmeet 2022-12-02T04:18:05Z User ID firewall integration with mapping server or AD https://live.paloaltonetworks.com/t5/next-generation-firewall/user-id-firewall-integration-with-mapping-server-or-ad/m-p/523101#M640 <P>Have to enable User-ID for corporates users. Not able to locate documentation around best practices for user id. for&nbsp; example in my scenario.</P> <P>&nbsp;</P> <P>we have one domain xyz.com with 50 domain controllers to monitor. we have winRM installed on all the domain controllers. So we will be considering doing agentless user id integration.</P> <P>&nbsp;</P> <P>my questions are following.</P> <P>&nbsp;</P> <P>&gt; Can firewall PA 5250 integrate directly with active directory server using LDAP and capable of monitoring 50 domain controllers using winRM?&nbsp;</P> <P>&gt; Should we consider having user mapping server which will be integrating with AD server using LDAP and firewall will just monitor 2 user mapping servers (primary &amp; secondary)?&nbsp;</P> <P>&gt; what are the issue that we may experience with any of the setup in operations?</P> <P>&gt; what are other best alternative we can explore?</P> Fri, 02 Dec 2022 04:18:05 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/user-id-firewall-integration-with-mapping-server-or-ad/m-p/523101#M640 Sukhmeet 2022-12-02T04:18:05Z Re: User ID firewall integration with mapping server or AD https://live.paloaltonetworks.com/t5/next-generation-firewall/user-id-firewall-integration-with-mapping-server-or-ad/m-p/523357#M647 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/207164">@Sukhmeet</a>&nbsp;</P> <P>&nbsp;</P> <P>Check out these links to help you make a better decision.</P> <P>&nbsp;</P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClpICAS" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClpICAS</A></P> <P>&nbsp;</P> <P><A href="https://live.paloaltonetworks.com/t5/blogs/dotw-windows-based-uid-agent-vs-agentless-uid/ba-p/498217" target="_blank">https://live.paloaltonetworks.com/t5/blogs/dotw-windows-based-uid-agent-vs-agentless-uid/ba-p/498217</A></P> <P>&nbsp;</P> <P><A href="https://live.paloaltonetworks.com/t5/blogs/dotw-windows-based-uid-agent-vs-agentless-uid/ba-p/498217#:~:text=If%20the%20firewall%20is%20already%20heavily%20loaded%20and%20you%20have%20a%20lot%20of%20DCs%20to%20query%2C%20then%20agentless%20UID%20might%20not%20be%20the%20ideal%20solution.%20In%20this%20case%2C%20using%20a%20user%2DID%20agent%20will%20offload%20some%20processing%20from%20the%20firewall" target="_blank">https://live.paloaltonetworks.com/t5/blogs/dotw-windows-based-uid-agent-vs-agentless-uid/ba-p/498217#:~:text=If%20the%20firewall%20is%20already%20heavily%20loaded%20and%20you%20have%20a%20lot%20of%20DCs%20to%20query%2C%20then%20agentless%20UID%20might%20not%20be%20the%20ideal%20solution.%20In%20this%20case%2C%20using%20a%20user%2DID%20agent%20will%20offload%20some%20processing%20from%20the%20firewall</A>.</P> <P>&nbsp;</P> <P>Cheers</P> Tue, 06 Dec 2022 01:18:10 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/user-id-firewall-integration-with-mapping-server-or-ad/m-p/523357#M647 Metgatz 2022-12-06T01:18:10Z