topic Re: User ID Agent Questions (Windows & Intergrated) in General Topics

User ID Agent Questions (Windows & Intergrated)

MarioMarquez — Thu, 09 Aug 2018 04:10:42 GMT

I am taking online trainging & I would be super thankful if someone with solid PA experience could answer some questions & provide any helpful feedback. I have a list of true or false questions & I just want to make sure my brain is processing all this information.

True or False

The Windows agent gets installed on the domain server(s) only NOT all of the endpoints them selves?

True or False

In most cases the Windows based agent running on the domain server sends username & IP data to the firewall effectively without enabling WMI Client Probing?

True or False

For environments where users are constantly switching from wired to wireless connections & IP's change frequently on the end points, the Windows agent works pretty well without the need for the wireless controller (or other log collectors) to send syslogs to the firewall?

True or False

For a large environment with 7000 users (2000 local/5000 remotely connecting via MPLS to PA in data center) the Windows based agent is the best way to go?

True or False

The Windows agent works well for remote users connecting to network via Anyconnect SSL client without the need to send syslogs to the firewall?

Re: User ID Agent Questions (Windows & Intergrated)

Mick_Ball — Thu, 09 Aug 2018 11:40:14 GMT

ok in brief... perhaps a more tech answer will follow.. please observe end note...

True or False

The Windows agent gets installed on the domain server(s) only NOT all of the endpoints them selves?

True,

True or False

In most cases the Windows based agent running on the domain server sends username & IP data to the firewall effectively without enabling WMI Client Probing?

True,

True or False

True,

True or False

For a large environment with 7000 users (2000 local/5000 remotely connecting via MPLS to PA in data center) the Windows based agent is the best way to go?

True but extra true if servers are more local to users than the PA's.

True or False

The Windows agent works well for remote users connecting to network via Anyconnect SSL client without the need to send syslogs to the firewall?

True.

my answers are based on my setup/relationship between AD,users and devices.

thay are only true as all users and devices authenticate against AD on several occasions throughout the day.

I also have a timeout set to 24 hours...

for other setups the answers may be more of a maybe or false depending on how much activity goes on between the user and AD.

if your users are all domain members and do lots of email and file sharing, drive connecting etc then the windows security log will be frequently updated with user-ip info and this is the needy fulfilment of the log collecter agent thingy to work efficiently.

I would elaborate further but need to attend my dental appointment where no doubt i will have half my face removed for a large fee...

Re: User ID Agent Questions (Windows & Intergrated)

MarioMarquez — Thu, 09 Aug 2018 13:12:06 GMT

Thanks MickBall! We are replacing our ASA in our main datacenter this month & I am trying to gauge how straight forward our User ID implementation will be. The company I work for has 7000 employees most of which are not directly connected to the data center. We use the traditional MPLS cloud setup with all internet traffic traversing our main data center at over 60 sites. Even our remote users working from home traverse the data center. We also have a robust wireless environment with multiple Aruba controllers & there is a high frequency of IP changes on the end points. It's good to know there are advanced probing features & that the PA can be setup as a sylog listener incase the size & structure of our user base challenges User ID technology in our situation.