User Identification Agent with Active Directory

Reply
Highlighted
L0 Member

User Identification Agent with Active Directory

I know that PA Firewall uses MGT interface to connect to user Identification Agent, I know that most of the other services can be set to use any other interface with the "Service Route Configuration" commands.

Is there any method to use any other interface as a source for communication with User Identification Agent?

Thanks in advance

Tags (2)
L0 Member

Re: User Identification Agent with Active Directory

Hi,

Actually, you *can* use the Service Route setting to route communications to the User-ID Agent.

In the Service Route Configuration dialog, make sure that you have selected "Show Destinations" at the lower

left hand corner of the dialog. You will see a Destination table on the right with IP/FQDN and Source Address mappings.

At the bottom, there will be a place to add additional mappings.

In the "IP Address or FQDN" field, enter the IP address of your system where the User-ID Agent is installed.

Then, pull down available interfaces on your device and select the appropriate source IP address.

Capture-12-21-00001.jpg

rps
L3 Networker

Re: User Identification Agent with Active Directory

Are there any internal downside of using this method to get data for the pan-agent or ts-agent?

I mean to "force" route it through the dataplane?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!