- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
05-30-2018 06:40 AM
Hi Techies,
I have a small doubt whether I can add more than one UIA server in my firewall in the sense that they should behave kind of active passive .
Requirement is something like that I want to secure user id functionality on firewall so that if one of my UIA gets down , then firewall should contact other UIA server for that....
Let me know if we have any solution for it ...
05-30-2018 07:43 AM
Hello,
Your concerns are very valid. It monitors and ingests the information from both agents at the same time on an interval. I belevie it uses timestamps from the windows event logs to resolve conflicts, i.e. one IP has two names.
https://live.paloaltonetworks.com/t5/Configuration-Articles/User-ID-Agent-Setup-Tips/ta-p/54755
Hope that helps.
05-31-2018 12:07 AM
The UIA reads the windows event logs continuously to provide the most current User-IP mappings to the firewall. The firewall then talks to both UIAs and always uses the most current timestamp for an IP. So lets assume the following:
UIA1: domain\johndoe 20180531-06:10:34 10.10.10.10
UIA2: domain\johndoe 20180531-07:23:26 10.10.10.10
In this case the firewall would have received the mapping first from UIA1. As soon as the new mapping is present on UIA2 the firewall updates it's user-ip-mapping table with the new event from UIA2.
05-30-2018 07:22 AM
Hello,
Yes you can have the PAN monitor more than one user-id agent. I have two just to keep things simple and redundant, I have a small environment.
Hope that helps.
Regards,
05-30-2018 07:34 AM
oh thats great if you are using it already !
But I have one doubt , whether panos reads those both servers in sequence ( kind of active -passive style) or it monitors both simulatenously ?
Also, if it monitors both at the same time then isn't it it creates problem ? because it is reading logs from both UIA, so whose result it will give to firewall ?? UIA1 or 2 ?
sorry if it sounds silly but i need clarity before implementing..
thanks
05-30-2018 07:43 AM
Hello,
Your concerns are very valid. It monitors and ingests the information from both agents at the same time on an interval. I belevie it uses timestamps from the windows event logs to resolve conflicts, i.e. one IP has two names.
https://live.paloaltonetworks.com/t5/Configuration-Articles/User-ID-Agent-Setup-Tips/ta-p/54755
Hope that helps.
05-30-2018 11:26 PM
Hey thanks man for the solution....
So , i just need to add just one more UIA under device>user identification> user id agent and thats it right ??
In that way , I would be seein two servers connected ( green) and my firewall will talk to two servers at the same time and if there is any conflict, it would read windows event logs.....to cross verif and send results ...right ?
05-31-2018 12:07 AM
The UIA reads the windows event logs continuously to provide the most current User-IP mappings to the firewall. The firewall then talks to both UIAs and always uses the most current timestamp for an IP. So lets assume the following:
UIA1: domain\johndoe 20180531-06:10:34 10.10.10.10
UIA2: domain\johndoe 20180531-07:23:26 10.10.10.10
In this case the firewall would have received the mapping first from UIA1. As soon as the new mapping is present on UIA2 the firewall updates it's user-ip-mapping table with the new event from UIA2.
05-31-2018 12:37 AM
Thanks man...i got it now...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!