User-ID Agent Settings

  • Panorama > Managed Collectors > User-ID Agents
A Dedicated Log Collector can receive user mappings from up to 100 User-ID agents. The agents can be PAN-OS integrated User-ID agents that run on firewalls or Windows-based User-ID agents. On a firewall with multiple virtual systems, each virtual system can serve as a separate User-ID agent. The Log Collector can then redistribute the user mappings to firewalls or the Panorama management server.
The complete procedures to configure user mapping and enableusermapping redistributionrequire additional tasks besides connecting to User-ID agents.
To configure a Dedicated Log Collector to connect to a User-ID agent, Add one and configure the settings as described in the following table.
User-ID Agent Settings
Description
Name
Enter a name (up to 31 characters) to identify the User-ID agent. The name is case-sensitive, must be unique, and can contain only letters, numbers, spaces, hyphens, and underscores.
For a firewall serving as a User-ID agent, this field does not have to match the Collector Name field.
Host
  • Windows-based User-ID agent—Enter the IP address of the Windows host on which the User-ID agent is installed.
  • Firewall (PAN-OS integrated User-ID agent)—Enter the host name or IP address of the interface that the firewall uses to redistribute user mappings.
Port
Enter the port number on which the User-ID agent will listen for User-ID requests. The default is port 5007 but you can specify any available port. Different User-ID agents can use different ports.
Some earlier versions of the User-ID agent use port 2010 as the default.
Collector Name
The collector that these fields refer to is the User-ID agent, not the Log Collector. The fields apply only if the agent is a firewall or virtual system that redistributes user mappings to the Log Collector. Enter the Collector Name and Pre-Shared Key that identify the firewall or virtual system as a User-ID agent. You must enter the same values as you did when configuring the firewall or virtual system to serve as a User-ID agent (see Redistribution).
Collector Pre-shared Key / Confirm Collector Pre-shared key
Enabled
Select to enable the Log Collector to communicate with the User-ID agent.

Related Documentation