User-ID is a feature that maps user IP addresses to usernames
and group memberships, enabling user- or group-based policy and
visibility into user activity on your network (for example, to
quickly track down a user who may be the victim of a threat).
To perform this mapping, the firewall, the User-ID agent (either installed
on a Windows-based system or the PAN-OS integrated agent running
on the firewall), and/or the Terminal Server agent must be able
to connect to directory services on your network to perform
Group Mapping and User Mapping. Additionally, if the agents are
running on systems external to the firewall, they must be able to
connect to the firewall to communicate the IP address-to-username
mappings to it.
The following table lists the communication requirements for User-ID
along with the port numbers required to establish connections.