So I have
850 - single pa
5220 - 2 in a Active active setup
For Windows i have
3 x MS AD - my AD trilogy
2 x Exchange boxes - they curently are AD's as well
2 more AD - old boxes with FS and PS
2 FS ... not AD's
I have userid setup for all PA's
on the A/A pair both are configure but only the master does userid agent stuff
All the PA's (and panorama) talk to all the AD's and also each PA talks to panoram.
So my understanding is Panoram is like the hub of userid - it will redistribute
No my problem is my AD's are being hammered - every 2 sec 2 devices will work its way through potential a 2G security event log. As you can imagine thats over the top - CPU is ^^^^^
Originally I used user-id agents on the AD's but having read the tech doc, they recommend that you use the inbuild agent on the PA's
My current plan is to look at just the 3 x MS AD server - they will eventually be the only AD boxes.
Would I be better going back to useragent programs on the AD boxes
I'm also thinking that maybe I should have each PS look at each AD
I rely up userid alot so ...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!