Enable Redistribution of User Mappings Among Firewalls
- Device > User Identification > User Mapping > Palo Alto Networks User-ID Agent Setup > Redistribution
To enable a firewall or virtual system to serve as a User-ID agent that redistributes user mapping information along with the timestamps associated with authentication challenges, configure the settings described in the following table. When you later connect this firewall to an appliance (such as Panorama) that will receive the mapping information and timestamps, the appliance uses these fields to identify the firewall or virtual system as a User-ID agent.
The complete procedure to configure firewalls to redistribute user mapping information and authentication timestamps requires additional tasks besides specifying the redistribution settings.
By default, a firewall with multiple virtual systems doesn’t redistribute user mapping information across its virtual systems, though you can configure them for redistribution.
Enter a collector name (up to 255 alphanumeric characters) to identify the firewall or virtual system as a User-ID agent.
Pre-Shared Key/Confirm Pre-Shared Key
Enter a pre-shared key (up to 255 alphanumeric characters) to identify the firewall or virtual system as a User-ID agent.
User-ID Agent Settings
User-ID Agent Settings Panorama > Managed Collectors > User-ID Agents A Dedicated Log Collector can receive user mappings from up to 100 User-ID agents. The ...
Configure User-ID Redistribution
Configure User-ID Redistribution Before you configure User-ID redistribution: Plan the redistribution architecture. Some factors to consider are: Which firewalls will enforce policies for all users ...
Configure Access to User-ID Agents
Configure Access to User-ID Agents Each firewall and Panorama management server can connect to a maximum of 100 User-ID agents or User-ID redistribution points (or ...
Redistribute User-ID Information to Managed Firewalls
Redistribute User-ID Information to Managed Firewalls To ensure all the firewalls that enforce policies and generate reports have the required IP address-to-username mappings and authentication ...
User-ID Redistribution Using Panorama
User-ID Redistribution Using Panorama One of the key benefits of the Palo Alto Networks firewall is that it can enforce policies and generate reports based ...
Redistribute User Mappings and Authentication Timestamps
Redistribute User Mappings and Authentication Timestamps Every firewall that enforces user-based policy requires user mapping information. In a large-scale network, instead of configuring all your ...
Deploy User-ID in a Large-Scale Network
Deploy User-ID in a Large-Scale Network A large-scale network can have hundreds of information sources that firewalls query to map IP addresses to usernames and ...
Panorama and Log Collectors as User-ID Redistribution Points
Panorama and Log Collectors as User-ID Redistribution Points You can now leverage your Panorama and distributed log collection infrastructure to redistribute User-ID mappings in large-scale ...
Firewall Deployment for User-ID Redistribution
Firewall Deployment for User-ID Redistribution To aggregate User-ID information, organize the redistribution sequence in layers, where each layer has one or more firewalls. In the ...