12-12-2011 05:52 AM
I had a test related to User-ID with PNA Agent for AD.
This environment has a little unusual and It is called a SBC (Server Based Computing).
I tried to apply User-ID with PAN Agent for AD but it was not working as my intention.
Clients must access remote desktop to run application throughout SBC.
Clearly, clients have a domain login to access SBC.
All users have a different user name but they have a same IP during use a SBC.
Namely, SBC clients have a different user name but same IP address at the same time.
Is it possible to apply user-id at this environment??
12-12-2011 06:17 AM
Are we talking about virtual desktops or terminal server/citrix here? Please elaborate a bit further on the subject.
12-12-2011 01:19 PM
Yes...
it is definitely related to a terminal server/citrix.
clients must access terminal server/citrix to run an application.
and they must have a domain login when they access terminal server/citrix.
therefore they have a same IP and different username at the same time.
is it possible to apply user-id ??
Thansk.
12-13-2011 03:34 AM
There is an agent for terminal server (TS) that you can use. The TS agent can be downloaded under the software section. This agent is different than the PAN agent.
Thanks.
12-13-2011 04:06 AM
Thanks for reply.
i have two best important conditions for deploying a user-id.
1. one of point is that we must deploy user-id without captive portal.
2. and more import thing is that can i have a configuration for user-id with map one ip-address by many clinet at the same time??
is it possible to deploy user-id with be satisfied with my important two conditions even though we will use Terminal Agent ??.
Please let me know.
Thanks
12-13-2011 04:31 AM
Yes, the TS Agent will meet both your requirements. You will need to install the TS agent on every terminal server.
Thanks.
12-13-2011 06:57 PM
Many thanks for your answer
I have a test for a TS-Agent and I can see username only from web traffic.
I have couple of questions regarding of TS-Agent after test.
1. I can’t see a username excluding a web access from traffic monitoring after installed TS-Agent.
When I send a ping or accessing a SSH or send a DNS query, I can’t see any usernames in the traffic monitoring.
is it working well as a concept of TS-Agent?
2. Is it impossible to browse for adding users in the security policy?
I can’t browse a username to add a username in the User field Security policy.
So I just added a username into the user field by type out a keyboard.
3. is it possible to add as a user group in the user field security policy?
i couldn't browse a username or a user group to add a user or group in the security policy.
12-13-2011 07:17 PM
Hi...1) The TS agent is allocating TCP ports to each user as they generate traffic. If you test with other apps like telnet, FTP, SSH then it should work & you should see the username. Ping is ICMP and DNS is probably UDP so the TS agent can't assigned TCP ports.
2) and 3) If your network is Active Directory (AD), you can install the PAN agent and point the PA device to use the PAN agent. The PAN agent will supply the PA device with domain usernames & AD groups and then they will be selectable in the Securite Rules. The PA device needs to know the members for each AD groups to enforce group policy, so it needs the group information.
Thanks.
12-14-2011 12:14 AM
Hi...
Thanks for reply..
I already have an active directory.
As a result of your answer, I think i must have both TS-Agent and PAN-Agent to meet requirement that add a group and to browse.
Your answer has great help to me.
Thanks again.
Thanks.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
