New User-ID Features
Panorama and Log Collectors as User-ID Redistribution Points
You can now leverage your Panorama™ and distributed log collection infrastructure to redistribute User-ID mappings in large-scale deployments. By using the existing connections from firewalls to Log Collectors to Panorama, you can aggregate the mappings without setting up and managing extra connections between firewalls.
Centralized Deployment and Management of User-ID and TS Agents
You can now use endpoint management software such as Microsoft SCCM to remotely install, configure, and upgrade multiple Windows-based User-ID agents and Terminal Services (TS) agents in a single operation. Using endpoint management software streamlines your workflow by enabling you to deploy and configure numerous User-ID and TS agents through an automated process instead of using a manual login session for each agent.
User Groups Capacity Increase
To accommodate environments where access control for each resource is based on membership in a user group, and where the number of resources and groups is increasing, you can now reference more groups in policy (the limit varies by platform).
User-ID Syslog Monitoring Enhancements
The following enhancements improve the accuracy of User-ID mappings and simplify monitoring syslog servers for mapping information:
Group-Based Reporting in Panorama
Panorama now provides visibility into the activities of user groups in your network through the User Activity report, SaaS Application Usage report (see SaaS Application Visibility for User Groups), custom reports, and the ACC. Panorama aggregates group activity information from managed firewalls so that you can filter logs and generate reports for all groups.