User-ID on-box Best Practice

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

User-ID on-box Best Practice

L4 Transporter

Hi,

Can anyone clarify for me what the best practice recommendations are for the User-ID agent?  Prior to V5 it was clear that they should ideally run on the domain controllers or servers close to them.  However with the option of running on-box, is this now the preferred option, are there any limitations or side-effects of doing so?

Thanks

6 REPLIES 6

L4 Transporter

I would not recommend to use the new agentless UID approach yet,

- AD User Accounts with Umlaut characters cannot be excluded (Support case is already open)

- It seems networks cannot be excluded from user ip mapping neither -- > https://live.paloaltonetworks.com/thread/6903

I had some strange behaviour with the agentless setup but which I could not reproduce in the lab.

I would recommend to stick with the UID Agent for now. Just my two cents.

L4 Transporter

The reason the recommendation was to run the UserID agent on a domain contoller was that the communication between the domain controller and the UserID agent is very chatty. That's why to keep that chattiness local the USERID Agent was expected to run on the domain controller itself.

If you now run the Agentless UserID on the firewall itself, you'd still see the chattiness between the PAN firewall and the domain contollers so that may be something to consider.

Not applicable

I try to use agentless with 5.0.2 but it make management server is very high. Use for 1000 users.

Already open case and switch to software agent if the user is big.

Hello,

There is a bug in 5.0.2 making the useridd process use 100%+ cpu. For now you should either downgrade to 5.0.1 or wait for 5.0.3 that will probably be out next week 🙂

BTW, the bug also impacts the software agent.

Jo Christian

/Jo Christian

Had the same issue with 5.0.2 and the 100% CPU Utilization.  Moved to 5.0.3 when it was released and experienced similar issues and was told that we should wait to 5.0.4 so I suggest that you move to 5.0.1, have been running that code for almost a week now and seems alot more stable.

Just an update,  Currently running 5.0.4 due to some other bugs that were in 5.0.1.  It feels stable but I have only been running this version for about a week now and I am aware that there are a few bugs that may affect our deployment but its the best we can do while we wait for 5.0.5 to be released.

  • 7659 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!