1. How much user-id be supported by agent-less user-id? I guess that 64K user-id and 640 user-group would be supported on all of PAN model. right? Right 2. When using user-id collector, How much user-id and user-group be supported by agent-less user-id for receiving all of user-id and user-group from other FWs? 64K user-id and 640 user-group be supported? Right 3. How many domain and DC be supported on user-id collector environment? Only 20 DC and 8 Different Domains be supported? Approximate Numbers: Agentless: Small/Medium-sized Deployments and LAB Environments Monitoring up to 20 Domain controllers and/or Exchange servers. User-ID Agent : Large Deployments Monitoring up 100 Domain controllers and/or Exchange servers 4. When Using User-ID Collector would support so many user-id, user-group Is it makes a problem of performance for MGMT of FWs? Using the User-ID feature to its max capacity would increase the MP CPU but should not affect the Managment Access to the FW. 5. I know that command "show user ip-user-mapping all" would show mapping user for DataPlane and "show user ip-user-mapping-mp all" would show mapping user for Management Plane? What's different for both of the command? When should I check for user-mapping for MP or DP? DP reads User ID info from MP ,so while debugging User-ID related issues start with MP related command (show user ip-user-mapping-mp all).
... View more