because you can't have a shared pan agent when you use VSYS!!.
So if you have 10 vsys and you have 5 site with ACTIVE DIRECTORY and you want do HA on each SITE :
10VSYS*(5 panagent*2(HA))= 100 pan agent
and I can't use an another architecture. (I have already discuss of this problem with Palo Alto)
I just need to know if someone have already try to use 100 PAN AGENT
And I guess it wont work if two different VSYS (or for that matter two different PA devices) use the same panagent?
Because (if we ignore redundancy for a short moment) one pan-agent per site will serve whatever this site has in its directory. Then no matter if you use 10 VSYS or 10 PA devices I think they should be able to speak to the same pan-agent (since the pan-agent is just a proxy between how PA wants the information and how the AD (or whatever) can present it).
Or is a pan-agent limited to only serve a single PA device (or VSYS) at a time?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!