USE IDENTIFICATION WITH 100 PAN AGENT

cancel
Showing results for 
Search instead for 
Did you mean: 

USE IDENTIFICATION WITH 100 PAN AGENT

L3 Networker

Hello,

I must use 100 PAN AGENT (limit of product) for a project. Someone have already test to use 100 pan-agent ( 25 by VSYS*5)?

do you know if the Palo alto (PA5060) work fine with this number of pan-agent.

regards,

ALLE

5 REPLIES 5

L6 Presenter

Sorry I havent tested that many but what kind of limit is forcing you do to this?

Mikhand

because you can't have a shared pan agent when you use VSYS!!.

So if you have 10 vsys and you have 5 site with ACTIVE DIRECTORY and you want do HA on each SITE :

10VSYS*(5 panagent*2(HA))= 100 pan agent

and I can't use an another architecture. (I have already discuss of this problem with Palo Alto)

I just need to know if someone have already try to use 100 PAN AGENT

And I guess it wont work if two different VSYS (or for that matter two different PA devices) use the same panagent?

Because (if we ignore redundancy for a short moment) one pan-agent per site will serve whatever this site has in its directory. Then no matter if you use 10 VSYS or 10 PA devices I think they should be able to speak to the same pan-agent (since the pan-agent is just a proxy between how PA wants the information and how the AD (or whatever) can present it).

Or is a pan-agent limited to only serve a single PA device (or VSYS) at a time?

Not applicable

Yes I've successfully conected 100 UserID agents. All back to a single vsys.

I've also requested that PA have the 100 UserID agent limit increased and the max DC's limit... as the limits seems arbitrary and unnecessarily restricts design options for large networks.

OK I Confirm that PA can support 100 PAN AGENT

thks,

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!