In a large-scale User-ID deployment on a dynamic network, customers deploy thousands of firewalls that they want to scale dynamically while ensuring that every firewall can still retrieve IP address-to-user mappings from the Windows User-ID agent.
For this type of large-scale deployment, customers may run into the following challenges:
To address these challenges, customers can place an F5 load balancer between the firewalls (NGFWs) and the Windows User-ID agents. This article explains the architecture and the configuration required for this integration.
In this example architecture, thousands of firewalls read IP address-to-user mappings through Windows User-ID agents, which build those mappings from the security event logs of multiple domain controllers. The firewalls do not connect directly to the Windows User-ID agents; they connect to an F5 virtual server, and the F5 forwards each firewall's TCP connection to one of the agents in its pool. All of the Windows User-ID agents are configured to read the same Windows Domain Controllers, so that every agent holds the complete list of IP address-to-user mappings and a firewall receives the same mappings regardless of which agent the F5 selects. This matters because a firewall that reconnects through the load balancer (for example after an agent or a connection fails) may be sent to a different agent and will read that agent's full mapping table; if the agents' tables differ, the firewall's mappings change on every reconnect.
Step 1: Configure all Windows User-ID agents to connect to the same Windows Domain Controllers, so that each agent builds an identical mapping table.
Step 2: Configure the F5 load balancer with a pool containing each Windows User-ID agent on the port the agent listens on (TCP 5007 by default) and a virtual server (VIP) in front of that pool. Attach a TCP health monitor to the pool so that an agent that is down or not listening is removed from rotation instead of receiving firewall connections. The firewall-to-agent connection is long-lived, so confirm that the load balancer's idle timeout for this virtual server is long enough that it does not tear down an idle connection; otherwise the firewall will reconnect and re-read the full mapping table each time.
Please refer to the F5 documentation to configure the F5 load balancer. We are only providing the steps necessary to connect the F5 load balancer to the Windows User-ID agents.
Step 3: Configure the firewall to use the F5 virtual server's IP address and port as its User-ID agent (Device > User Identification > User-ID Agents) in place of the individual agent addresses. If the agents are configured with a collector name and pre-shared key, every agent behind the virtual server must use the same values, because the firewall cannot tell which agent it has been connected to.
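The design above only works if Step 1 really produced identical tables on every agent. As an added verification example (this script is not part of the original article and is not a Palo Alto Networks or F5 tool), point a test firewall directly at each agent in turn before putting the VIP in front of them, capture the output of the PAN-OS CLI command show user ip-user-mapping all, and feed the captures to the script. It reports every IP address that is missing from any agent or mapped to a different user, which is exactly the condition that would make a firewall's mappings change when the F5 moves it to another agent. The two captures embedded below are constructed for this example; the agent names and addresses are assumptions, and the parser relies only on the first (IP) and fourth (User) whitespace-separated columns, so timeout differences between agents are ignored.

```python
"""Added example, not part of the original article or of any vendor tool.

Compare `show user ip-user-mapping all` captures taken from a firewall pointed
at each Windows User-ID agent in turn, and report IPs whose mapping differs.
An empty result means every agent would hand a firewall the same table, so it
does not matter which pool member the F5 picks.
"""
import ipaddress
from typing import Dict, Optional

# Constructed sample: what a test firewall pointed at uid-agent-01 reported.
CAPTURE_AGENT_01 = """\
IP              Vsys   From    User                  IdleTimeout(s) MaxTimeout(s)
--------------- ------ ------- --------------------- -------------- -------------
10.20.1.15      vsys1  UIA     acme\\jdoe             2674           2674
10.20.1.22      vsys1  UIA     acme\\asmith           1800           2674
10.20.2.8       vsys1  UIA     acme\\svc-backup       2674           2674
Total: 3 users
"""

# Constructed sample: the same query against uid-agent-02, which (hypothetically)
# reads a different set of domain controllers and therefore disagrees twice.
CAPTURE_AGENT_02 = """\
IP              Vsys   From    User                  IdleTimeout(s) MaxTimeout(s)
--------------- ------ ------- --------------------- -------------- -------------
10.20.1.15      vsys1  UIA     acme\\jdoe             2650           2674
10.20.1.22      vsys1  UIA     acme\\bjones           2674           2674
Total: 2 users
"""


def parse_mappings(capture: str) -> Dict[str, str]:
    """Return {ip: user} from a `show user ip-user-mapping all` capture.

    Header, separator and "Total: N users" lines are skipped by requiring the
    first field to parse as an IP address. Timeout columns are deliberately
    ignored: they drift between agents by design and are not a consistency bug.
    """
    mappings: Dict[str, str] = {}
    for line in capture.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # not a mapping row
        mappings[ip] = fields[3]
    return mappings


def find_divergent_mappings(captures: Dict[str, str]) -> Dict[str, Dict[str, Optional[str]]]:
    """Return {ip: {agent: user or None}} for every IP that is absent from at
    least one agent or mapped to different users; None marks a missing entry."""
    tables = {agent: parse_mappings(text) for agent, text in captures.items()}
    all_ips = set().union(*tables.values())
    divergent: Dict[str, Dict[str, Optional[str]]] = {}
    # Sort numerically, keeping IPv4 and IPv6 in separate groups.
    for ip in sorted(all_ips, key=lambda a: (ipaddress.ip_address(a).version, ipaddress.ip_address(a))):
        per_agent = {agent: table.get(ip) for agent, table in tables.items()}
        if len(set(per_agent.values())) > 1:
            divergent[ip] = per_agent
    return divergent


if __name__ == "__main__":
    result = find_divergent_mappings({"uid-agent-01": CAPTURE_AGENT_01,
                                      "uid-agent-02": CAPTURE_AGENT_02})
    if not result:
        print("All agents agree; safe to place them behind one virtual server.")
    for ip, per_agent in result.items():
        print(f"{ip}: " + ", ".join(f"{agent}={user or '<missing>'}" for agent, user in per_agent.items()))
```

Run it with real captures from each agent; any line of output is an agent that is not reading the same domain controllers (or has not finished reading them) and should be fixed before that agent joins the F5 pool.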