This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Help - Userid Responsiveness

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Help - Userid Responsiveness

jhickey
L3 Networker

‎04-23-2012 05:31 AM

We're at the point where we want to apply URL Filtering policies based on userid. This means its very important that Pan-Agent is accurately identifying users. We did a test and added a user to a monitored group. The policy started working properly. We took him out and it took hours before the policy reverted properly.

We only have 1 PanAgent deployed on a member server. Can I make the identification more resposive by deploying more agents to multiple places ? To specific servers ? Domain Controllers ?

Any opinions on if this is a reliable enough process when tuned correctly ?

Any help would be appreciated.

Thanks,

Justin

0 Likes Likes
2 REPLIES 2

shasnain
L4 Transporter

‎05-01-2012 12:21 PM

Hi,

The new UID agent is very good. You can have one UID agent pull information from mulitple domains as well. Generally you can use one UID agent and connect multiple Domain controllers to it and do user to ip mapping and it should be no problem for the agent.

If you feel that you need to install more than one UID agent for more resposive by deploying more agents to multiple places for specific servers and Domain Controllers you can do that as well.

Thanks,

Syed Hasnain

rmonvon
L6 Presenter

‎05-03-2012 08:25 AM

Hi...Is it well-known that Windows servers do not record logoff events reliably:

http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2management/thread/aaff36f4-f818-...

As such, we only detect logon events.  In your testing, you should try to logoff user1 and then login as user2.  The PA device should pick up user2 immediately to accurately reflect the changing of the user.

As suggested, you should use the latest 4.1 UserID agent.  The 4.1 UserID agent supports the monitoring of logon events on Exchange servers where most devices will have access to email via active-async.  You can set active-sync to login frequently and the PA device will update accordingly.

You can also enable WMI probing on the UserID agent to monitor user status as well.  Thanks.

  • 1881 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks