We're at the point where we want to apply URL Filtering policies based on userid. This means its very important that Pan-Agent is accurately identifying users. We did a test and added a user to a monitored group. The policy started working properly. We took him out and it took hours before the policy reverted properly.
We only have 1 PanAgent deployed on a member server. Can I make the identification more resposive by deploying more agents to multiple places ? To specific servers ? Domain Controllers ?
Any opinions on if this is a reliable enough process when tuned correctly ?
Any help would be appreciated.
The new UID agent is very good. You can have one UID agent pull information from mulitple domains as well. Generally you can use one UID agent and connect multiple Domain controllers to it and do user to ip mapping and it should be no problem for the agent.
If you feel that you need to install more than one UID agent for more resposive by deploying more agents to multiple places for specific servers and Domain Controllers you can do that as well.
Hi...Is it well-known that Windows servers do not record logoff events reliably:
As such, we only detect logon events. In your testing, you should try to logoff user1 and then login as user2. The PA device should pick up user2 immediately to accurately reflect the changing of the user.
As suggested, you should use the latest 4.1 UserID agent. The 4.1 UserID agent supports the monitoring of logon events on Exchange servers where most devices will have access to email via active-async. You can set active-sync to login frequently and the PA device will update accordingly.
You can also enable WMI probing on the UserID agent to monitor user status as well. Thanks.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!