04-18-2012 06:34 AM
Hello,
I must use 100 PAN AGENT (limit of product) for a project. Someone have already test to use 100 pan-agent ( 25 by VSYS*5)?
do you know if the Palo alto (PA5060) work fine with this number of pan-agent.
regards,
ALLE
04-19-2012 02:03 AM
Mikhand
because you can't have a shared pan agent when you use VSYS!!.
So if you have 10 vsys and you have 5 site with ACTIVE DIRECTORY and you want do HA on each SITE :
10VSYS*(5 panagent*2(HA))= 100 pan agent
and I can't use an another architecture. (I have already discuss of this problem with Palo Alto)
I just need to know if someone have already try to use 100 PAN AGENT
04-19-2012 02:48 AM
And I guess it wont work if two different VSYS (or for that matter two different PA devices) use the same panagent?
Because (if we ignore redundancy for a short moment) one pan-agent per site will serve whatever this site has in its directory. Then no matter if you use 10 VSYS or 10 PA devices I think they should be able to speak to the same pan-agent (since the pan-agent is just a proxy between how PA wants the information and how the AD (or whatever) can present it).
Or is a pan-agent limited to only serve a single PA device (or VSYS) at a time?
04-25-2012 02:36 AM
Yes I've successfully conected 100 UserID agents. All back to a single vsys.
I've also requested that PA have the 100 UserID agent limit increased and the max DC's limit... as the limits seems arbitrary and unnecessarily restricts design options for large networks.
05-10-2012 07:40 AM
OK I Confirm that PA can support 100 PAN AGENT
thks,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
