I know that PA Firewall uses MGT interface to connect to user Identification Agent, I know that most of the other services can be set to use any other interface with the "Service Route Configuration" commands.
Is there any method to use any other interface as a source for communication with User Identification Agent?
Thanks in advance
Solved! Go to Solution.
Actually, you *can* use the Service Route setting to route communications to the User-ID Agent.
In the Service Route Configuration dialog, make sure that you have selected "Show Destinations" at the lower
left hand corner of the dialog. You will see a Destination table on the right with IP/FQDN and Source Address mappings.
At the bottom, there will be a place to add additional mappings.
In the "IP Address or FQDN" field, enter the IP address of your system where the User-ID Agent is installed.
Then, pull down available interfaces on your device and select the appropriate source IP address.
Are there any internal downside of using this method to get data for the pan-agent or ts-agent?
I mean to "force" route it through the dataplane?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!