Hello We are having some complaints with the deployment of multiple Palo Alto Agents. We have 3 remote sites in 1 DOMAIN which are connected with a slow vpn connection. Each remote site has his own Domain controller Since we have a slow connection ,we made the choice to deploy an agent for each site. Each agent is only pointing to the local domain controller . The Palo Alto Device ( located at the main site ) is pointing to all agents. the issue is that some user mappings are not recognized by the PA , but they are listed on the agent. Question about this: We thought the Palo Alto is demanding all configured Agents for the same domain to resolve an ip-address to a username , but it seems like the Palo Alto device is only demanding the active agent ( * ) ( show user pan-agent statistics ) Is there anyone who can confirm this ? If the Palo Alto agent will only demand the active agent , how can we workaround this issue ? ( if we define each DC's on the remote agents, we got to much traffic load on the vpn connections. ) Thanks !
... View more