User ID Agent Questions (Windows & Intergrated)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

User ID Agent Questions (Windows & Intergrated)

L3 Networker

I am taking online trainging & I would be super thankful if someone with solid PA experience could answer some questions & provide any helpful feedback.  I have a list of true or false questions & I just want to make sure my brain is processing all this information.

 

True or False

The Windows agent gets installed on the domain server(s) only NOT all of the endpoints them selves?

 

True or False

In most cases the Windows based agent running on the domain server sends username & IP data to the firewall effectively without enabling WMI Client Probing?

 

True or False

For environments where users are constantly switching from wired to wireless connections & IP's change frequently on the end points, the Windows agent works pretty well without the need for the wireless controller (or other log collectors) to send syslogs to the firewall?

 

True or False

For a large environment with 7000 users (2000 local/5000 remotely connecting via MPLS to PA in data center) the Windows based agent is the best way to go?

 

True or False

The Windows agent works well for remote users connecting to network via Anyconnect SSL client without the need to send syslogs to the firewall?

 

 

 

 

1 accepted solution

Accepted Solutions

L7 Applicator

ok in brief... perhaps a more tech answer will follow.. please observe end note...

 

True or False

The Windows agent gets installed on the domain server(s) only NOT all of the endpoints them selves?

 

True,

 

True or False

In most cases the Windows based agent running on the domain server sends username & IP data to the firewall effectively without enabling WMI Client Probing?

 

True,

 

True or False

For environments where users are constantly switching from wired to wireless connections & IP's change frequently on the end points, the Windows agent works pretty well without the need for the wireless controller (or other log collectors) to send syslogs to the firewall?

 

True,

 

 

True or False

For a large environment with 7000 users (2000 local/5000 remotely connecting via MPLS to PA in data center) the Windows based agent is the best way to go?

 

True but extra true if servers are more local to users than the PA's.

 

True or False

The Windows agent works well for remote users connecting to network via Anyconnect SSL client without the need to send syslogs to the firewall?

 

True.

 

my answers are based on my setup/relationship between AD,users and devices.

 

thay are only true as all users and devices authenticate against AD on several occasions throughout the day.

I also have a timeout set to 24 hours...

 

for other setups the answers may be more of a maybe or false depending on how much activity goes on between the user and AD.

 

if your users are all domain members and do lots of email and file sharing, drive connecting etc then the windows security log will be frequently updated with user-ip info and this is the needy fulfilment of the log collecter agent thingy to work efficiently.

 

I would elaborate further but need to attend my dental appointment where no doubt i will have half my face removed for a large fee...

 

 

View solution in original post

2 REPLIES 2

L7 Applicator

ok in brief... perhaps a more tech answer will follow.. please observe end note...

 

True or False

The Windows agent gets installed on the domain server(s) only NOT all of the endpoints them selves?

 

True,

 

True or False

In most cases the Windows based agent running on the domain server sends username & IP data to the firewall effectively without enabling WMI Client Probing?

 

True,

 

True or False

For environments where users are constantly switching from wired to wireless connections & IP's change frequently on the end points, the Windows agent works pretty well without the need for the wireless controller (or other log collectors) to send syslogs to the firewall?

 

True,

 

 

True or False

For a large environment with 7000 users (2000 local/5000 remotely connecting via MPLS to PA in data center) the Windows based agent is the best way to go?

 

True but extra true if servers are more local to users than the PA's.

 

True or False

The Windows agent works well for remote users connecting to network via Anyconnect SSL client without the need to send syslogs to the firewall?

 

True.

 

my answers are based on my setup/relationship between AD,users and devices.

 

thay are only true as all users and devices authenticate against AD on several occasions throughout the day.

I also have a timeout set to 24 hours...

 

for other setups the answers may be more of a maybe or false depending on how much activity goes on between the user and AD.

 

if your users are all domain members and do lots of email and file sharing, drive connecting etc then the windows security log will be frequently updated with user-ip info and this is the needy fulfilment of the log collecter agent thingy to work efficiently.

 

I would elaborate further but need to attend my dental appointment where no doubt i will have half my face removed for a large fee...

 

 

Thanks MickBall!  We are replacing our ASA in our main datacenter this month & I am trying to gauge how straight forward our User ID implementation will be.  The company I work for has 7000 employees most of which are not directly connected to the data center.  We use the traditional MPLS cloud setup with all internet traffic traversing our main data center at over 60 sites.  Even our remote users working from home traverse the data center.  We also have a robust wireless environment with multiple Aruba controllers & there is a high frequency of IP changes on the end points.  It's good to know there are advanced probing features & that the PA can be setup as a sylog listener incase the size & structure of our user base challenges User ID technology in our situation. 

  • 1 accepted solution
  • 2230 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!