New User-ID Feature
WinRM Support for Server Monitoring
To create User-ID mappings, the PAN-OS integrated User-ID agent can now connect to Microsoft Active Directory and Exchange servers using the lightweight Windows Remote Management (WinRM) protocol. The WinRM protocol greatly improves the speed and efficiency of collecting User-ID mappings.
Shared User-ID Mappings Across Virtual Systems
To easily enforce user-based policy in a multi-vsys environment, you can assign a virtual system as the User-ID hub to share mappings with other virtual systems. This reduces configuration complexity and maximizes the number of mappings available to each virtual system.
User-ID Support for Large Numbers of Terminal Servers
To consistently enforce user-based security policy in environments with a large number of terminal servers, you can now monitor an increased number of terminal servers per firewall. This simplifies the complexity of network design and firewall configuration, resulting in centralized visibility and policy enforcement for all terminal server users.