This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

PAN AGENT CAPACITY BY VSYS

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PAN AGENT CAPACITY BY VSYS

alle
L3 Networker

‎03-26-2012 09:04 AM

hello,

I have seen the following information for pan agent capacity

Capacity

User Identification capacity limits:

• The PA-4000 series can support up to 64,000 concurrent users; the PA-2000 series can

support up to 47,000 concurrent users.

• Up to 640 groups can be used in policies for each virtual system (vsys)

• Each UIA can connect to up to 10 Domain Controllers

Each firewall can support up to 100 UIA’s

Limit of 100 entries each in the Allow and Ignore list on the UIA

• Only 1 NTLM handshake can be in process between a UIA and AD server at a time

And I have the following question : the support of 100 user id agent is for each VSYS or Globally?? because in 4.0 you can not shared pan-agent configuration. And if you have 10 VSYS with 12 PAN AGENT we must configure 120 PAN AGENT on your PA.

thanks for your answer,

Alex

0 Likes Likes
3 REPLIES 3

mikand
L6 Presenter

‎03-26-2012 12:07 PM

I think this is in total.

VSYS in PAN (and most other devices for that matter) is just to segment the dataplane. You still have a single mgmtplane and its the mgmtplane who does the User-ID Agent identification and stuff.

alle
L3 Networker
In response to mikand

‎03-28-2012 05:26 AM

mikand I confirm, this is in total! when I create more than 100 pan agent I see the following message:


Server error :  constraints failed : No. of agents configured exceeds maximum allowed(100)
[edit]

0 Likes Likes

ucteam
Not applicable

‎04-25-2012 02:44 AM

Another point .. this information is perhaps out of date  "Each UIA can connect to up to 10 Domain Controllers"

The older 3.x UIA Agents by "default" would monitor only 10 domain controllers, but if you manually edited the XML config file you could get them to monitor 100  e.g <max-dc>100</max-dc>

I believe the new 4.x UIA have this setting by default now.

0 Likes Likes
  • 2227 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks