A large-scale network can have hundreds of information
sources that firewalls query to map IP addresses to usernames and
to map usernames to user groups. You can simplify User-ID administration
for such a network by aggregating the user mapping and group mapping
information before the User-ID agents collect it, thereby reducing
the number of required agents.
A large-scale network can also have numerous firewalls that use
the mapping information to enforce policies. You can reduce the
resources that the firewalls and information sources use in the
querying process by configuring some firewalls to acquire mapping
information through redistribution instead of direct querying. Redistribution
also enables the firewalls to enforce user-based policies when users
rely on local sources for authentication (for example, regional
directory services) but need access to remote resources (for example,
global data center applications).