1. Home
    2. PAN-OS
    3. PAN-OS Web Interface Help
    4. User Identification
    5. Device > User Identification > User Mapping
    6. Palo Alto Networks User-ID Agent Setup
    7. Server Monitor Account

    Server Monitor Account

    • Device
      User Identification
      User Mapping
      Palo Alto Networks User-ID Agent Setup
      Server Monitor Account
    To configure the PAN-OS integrated User-ID agent to use Windows Management Instrumentation (WMI) for probing client systems or Windows Remote Management (WinRM) over HTTP or over HTTPS to monitor servers for user mapping information, complete the following fields.
    You can also Configure Access to Monitored Servers by configuring a Kerberos server to authenticate server monitoring using Windows Remote Management (WinRM) over HTTP or over HTTPS.
    Because WMI probing trusts data that is reported back from an endpoint, Palo Alto Network recommends that you do not use this method to obtain User-ID mapping information in a high-security network. If you configure the User-ID agent to obtain mapping information by parsing Active Directory (AD) security event logs or syslog messages, or using the XML API, Palo Alto Networks recommends you disable WMI probing.
    If you do use WMI probing, do not enable it on external, untrusted interfaces. Doing so causes the agent to send WMI probes containing sensitive information—such as the username, domain name, and password hash of the User-ID agent service account—outside of your network. An attacker could potentially exploit this information to penetrate and gain further access to your network.
    Active Directory Authentication Settings
    Description
    User Name
    Enter the domain credentials (
    User Name
     and
    Password
    ) for the account that the firewall will use to access Windows resources. The account requires permissions to perform WMI queries on client computers and to monitor Microsoft Exchange servers and domain controllers. Use domain\username syntax for the
    User Name
    . If you Configure Access to Monitored Servers using Kerberos for server authentication, enter the Kerberos User Principal Name (UPN).
    Domain’s DNS Name
    Enter the DNS name of the monitored server. If you Configure Access to Monitored Servers using Kerberos for server authentication, enter the Kerberos Realm domain. You must configure this setting if you are using
    WinRM-HTTP
     as the transport protocol when you Configure Access to Monitored Servers.
    Password/Confirm Password
    Enter and confirm the password for the account that the firewall uses to access Windows resources.
    Kerberos Server Profile
    Select the Kerberos Server Profile for the Kerberos server that controls access to the Realm to retrieve security logs and session information from the monitored server with WinRM over HTTP or over HTTPS.
    The complete procedure to configure the PAN-OS integrated User-ID agent to monitor servers and probe clients requires additional tasks besides defining the Active Directory authentication settings.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo