04-17-2020 05:00 AM
Hello,
We have already integrated the AD (3 servers for redundancy).
The User-ID we are using is the default one which is on the PA FW.
The domain is abc.nl. The setup is working.
Now we are building an entirely new domain called abc.es. Migration may take time.
There is no trust and the forest is different.
So is it possible to have two different domains from two different forests?
What is the recommendation?
And is it possible to have a User-ID agent for this new domain on the PA, or do we have to install it on the AD server?
From my view it is more complex to have both, but the catch here is that the domain abc is the same, so I need to know what the limitations of using two different domains are.
One is having to add it in each policy where the old one is being used?
04-17-2020 12:47 PM
When you have to have information from multiple domains it's best to simply utilize the user-id agent installation for each domain and pull the information into the firewall from the agent instead of the integrated agent.
04-19-2020 09:51 AM
What are the limitations of installing agent software on an AD member?
This is a risk to install on AD.
04-19-2020 04:10 PM
Hello,
Last week I worked on the same case, with multiple domains.
If you don't use the User-ID Agent and configure multiple domains, perhaps you will have inconsistent domain issues. Some users will be authenticated with the NetBIOS (netbios\user) and some others with the FQDN (fqdn\user).
If you don't want to install the agent on the AD server, you can install it on another computer. It is gonna work. If you decide to install the agent on the AD server, the agent will have access to all Security logs of the AD, but the agent is gonna filter the logs based on what it needs for User-ID.
My recommendation is to install it.
I hope it helps!
Regards,
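Added example (not part of any post in this thread, and not Palo Alto Networks code): a small audit for the NetBIOS versus FQDN inconsistency described in the reply above. It groups constructed IP-to-user entries by canonical `fqdn\user` and flags names that cannot be resolved. The entry format, the helper names and the premise that both forests share the short name `ABC` are assumptions for illustration.

```python
from collections import defaultdict

# Assumption: both forests use the short (NetBIOS) name "ABC", as the question implies.
NETBIOS_TO_FQDN = {"abc": ["abc.nl", "abc.es"]}

def parse_identity(raw):
    """Split 'domain\\user' or 'user@domain' into (domain, user), lowercased."""
    raw = raw.strip().lower()
    if "\\" in raw:
        domain, user = raw.split("\\", 1)
    elif "@" in raw:
        user, domain = raw.rsplit("@", 1)
    else:
        domain, user = "", raw
    return domain, user

def canonicalize(raw, netbios_map=NETBIOS_TO_FQDN):
    """Return (canonical 'fqdn\\user' or None, status)."""
    domain, user = parse_identity(raw)
    if not domain:
        return None, "no-domain"
    if "." in domain:  # already an FQDN
        return f"{domain}\\{user}", "fqdn"
    candidates = netbios_map.get(domain, [])
    if len(candidates) == 1:
        return f"{candidates[0]}\\{user}", "netbios"
    # A short name shared by two forests cannot be resolved safely.
    return None, ("ambiguous" if candidates else "unknown-domain")

def audit(mappings, netbios_map=NETBIOS_TO_FQDN):
    """Find identities seen in several written forms, and entries left unresolved."""
    forms = defaultdict(set)
    unresolved = []
    for ip, raw in mappings:
        canon, status = canonicalize(raw, netbios_map)
        if canon is None:
            unresolved.append((ip, raw, status))
        else:
            forms[canon].add(raw.strip().lower())
    mixed = {c: sorted(f) for c, f in forms.items() if len(f) > 1}
    return mixed, unresolved

# Constructed sample entries (not firewall output).
SAMPLE = [
    ("10.0.0.5", "abc.nl\\jdoe"),
    ("10.0.0.6", "jdoe@abc.nl"),
    ("10.0.0.7", "ABC\\jdoe"),
    ("10.0.1.9", "abc.es\\mgarcia"),
]

if __name__ == "__main__":
    mixed, unresolved = audit(SAMPLE)
    print("mixed forms:", mixed)
    print("unresolved:", unresolved)
```

Entries reported as `ambiguous` are the ones where a policy written against the short domain name could match users from either forest.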
08-12-2021 12:28 AM
Is it possible to run two agents from the same server? Or I want to add multiple domains in the same agent.
08-12-2021 07:42 AM
Hello,
I didn't see any deployment where 2 agents are on the same server. You install one agent, and that agent can monitor up to 100 domain controllers. If you want redundancy, you can install another agent, but on a different server.
I hope it helps!
Regards,