I had a test related to User-ID with PNA Agent for AD.
This environment has a little unusual and It is called a SBC (Server Based Computing).
I tried to apply User-ID with PAN Agent for AD but it was not working as my intention.
Clients must access remote desktop to run application throughout SBC.
Clearly, clients have a domain login to access SBC.
All users have a different user name but they have a same IP during use a SBC.
Namely, SBC clients have a different user name but same IP address at the same time.
Is it possible to apply user-id at this environment??
it is definitely related to a terminal server/citrix.
clients must access terminal server/citrix to run an application.
and they must have a domain login when they access terminal server/citrix.
therefore they have a same IP and different username at the same time.
is it possible to apply user-id ??
Thanks for reply.
i have two best important conditions for deploying a user-id.
1. one of point is that we must deploy user-id without captive portal.
2. and more import thing is that can i have a configuration for user-id with map one ip-address by many clinet at the same time??
is it possible to deploy user-id with be satisfied with my important two conditions even though we will use Terminal Agent ??.
Please let me know.
Many thanks for your answer
I have a test for a TS-Agent and I can see username only from web traffic.
I have couple of questions regarding of TS-Agent after test.
1. I can’t see a username excluding a web access from traffic monitoring after installed TS-Agent.
When I send a ping or accessing a SSH or send a DNS query, I can’t see any usernames in the traffic monitoring.
is it working well as a concept of TS-Agent?
2. Is it impossible to browse for adding users in the security policy?
I can’t browse a username to add a username in the User field Security policy.
So I just added a username into the user field by type out a keyboard.
3. is it possible to add as a user group in the user field security policy?
i couldn't browse a username or a user group to add a user or group in the security policy.
Hi...1) The TS agent is allocating TCP ports to each user as they generate traffic. If you test with other apps like telnet, FTP, SSH then it should work & you should see the username. Ping is ICMP and DNS is probably UDP so the TS agent can't assigned TCP ports.
2) and 3) If your network is Active Directory (AD), you can install the PAN agent and point the PA device to use the PAN agent. The PAN agent will supply the PA device with domain usernames & AD groups and then they will be selectable in the Securite Rules. The PA device needs to know the members for each AD groups to enforce group policy, so it needs the group information.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!