Device > User Identification > Terminal Services Agents
On a system that supports multiple users who share the
same IP address, a Terminal Services (TS) agent identifies individual
users by allocating port ranges to each one. The TS agent informs
every connected firewall of the allocated port range so that the
firewalls can enforce policy based on users and user groups.
All firewall models can collect username-to-port mapping information
from up to 5,000 multi-user systems. The number of TS agents from
which a firewall can collect the mapping information varies by firewall model.
You must install and configure the TS agents before configuring
access to them. The complete procedure
to configure user mapping for terminal
server users requires additional tasks besides configuring connections to
You can perform the following tasks to manage access to TS agents.
Display information / Refresh Connected
Terminal Services Agents
the Connected column displays the status of the connections from
the firewall to the TS agents. A green icon indicates a successful
connection, a yellow icon indicates a disabled connection, and a
red icon indicates a failed connection. If you think the connection
status might have changed since you first opened the page, click
update the status display.
To configure access to a TS agent,
agent and configure the following fields:
a name to identify the TS agent (up to 31 characters). The name
is case-sensitive and must be unique. Use only letters, numbers,
spaces, hyphens, and underscores.
—Enter the IP address of the terminal
server where the TS agent is installed.
This must be
a static IP address; DHCP is not supported.
—Enter the port number (default
is 5009) that the TS agent service uses to communicate with the
Alternative IP Addresses
—If the terminal
server where the TS agent is installed has multiple IP addresses
that can appear as the source IP address for the outgoing traffic,
enter up to eight additional IP addresses.
be a static IP address; DHCP is not supported.
—Select this option to enable
the firewall to communicate with this TS agent.
To remove the configuration
that enables access to a TS agent, select the agent and click
To disable access to a TS agent without deleting
its configuration, edit the agent and clear the
Administrative roles with a minimum of read-only
access can export the device configuration table as
can apply filters to create more specific table configuration outputs
for things such as audits. Only visible columns in the web interface
will be exported. See Configuration