One would use the User-ID agent if you have a distributed DC setup across multiple WAN locations. That way you can run the User-ID agent on each DC at the remote location and keep their chatter local.
Then only send the filtered (specific IP-to-user mappings) across the WAN to a head-end firewall.
If, however, you'd like to keep everything under one administrator group's control (sometimes server folks and network folks have trouble sharing info), then it may be easier to simply run User-ID agentless on the firewall. That way, only the access to AD via the LDAP admin account will be needed to have the firewall talk to the DCs. This would be preferred in cases where the DCs and firewall are all local and there is no WAN link to cross.
The basic difference between agent and agentless is as follows:
The User-ID agent can be installed multiple ways.
The best source for the gory details is the User-ID Best Practices documentation.