End-of-Life (EoL)

User-ID Support for Large Numbers of Terminal Servers

With PAN-OS 9.0 you can monitor an increased number of terminal servers per firewall, enabling simpler network design and firewall configuration and centralized visibility and policy enforcement for all terminal server users.
The number of terminal servers that you can secure with User-ID is increased for many firewall models, providing user-based policy enforcement and visibility for more terminal server users. Previously, enabling User-ID for over 1,000 terminal servers required a network redesign, which included configuring additional firewalls to segment users and routing the traffic to the terminal servers communicating with those firewalls. Now you can configure more Terminal Server (TS) agents to secure users who access applications on terminal servers without changing your network infrastructure.
For optimal configuration, update the TS agent to the latest version.
The following table shows the number of TS agents supported for each hardware-based and VM-Series firewall model with increased TS agent capacity. All other hardware-based and VM-Series firewall models not listed below retain their existing capacities.
Firewall Model
Previous Capacity
New Capacity
PA-5200 series, VM-700
1000
2500
PA-7080, PA-7050
1000
2000
PA-7050 SMC-B
not applicable
2500
PA-3260, PA-3250, PA-3220
400
2000
PA-800 series
400
1000
In addition, you can now specify a hostname as an alternative IP address. The hostname must resolve to a static IP address. If the hostname resolves to multiple IP addresses, the TS agent uses the first IP address in the list. To view the alternate IP addresses, use the
show user ip-port-user-mapping
command.

Recommended For You