Device > User Identification > Terminal Services Agents
On a system that supports multiple users who share the same IP address, a Terminal Services (TS) agent identifies individual users by allocating port ranges to each one. The TS agent informs every connected firewall of the allocated port range so that the firewalls can enforce policy based on users and user groups.
All firewall models can collect username-to-port mapping information from up to 5,000 multi-user systems. The number of TS agents from which a firewall can collect the mapping information varies by firewall model.
You must install and configure the TS agents before configuring access to them. The complete procedure to configure user mapping for terminal server users requires additional tasks besides configuring connections to TS agents.
You can perform the following tasks to manage access to TS agents.
Display information / Refresh Connected
In the Terminal Services Agents page, the Connected column displays the status of the connections from the firewall to the TS agents. A green icon indicates a successful connection, a yellow icon indicates a disabled connection, and a red icon indicates a failed connection. If you think the connection status might have changed since you first opened the page, click Refresh Connected to update the status display.
To configure access to a TS agent, Add an agent and configure the following fields:
To remove the configuration that enables access to a TS agent, select the agent and click Delete.
To disable access to a TS agent without deleting its configuration, edit the agent and clear the Enabled option.
Administrative roles with a minimum of read-only access can export the device configuration table as PDF/CSV. You can apply filters to create more specific table configuration outputs for things such as audits. Only visible columns in the web interface will be exported. See Configuration Table Export.
Configure User Mapping for Terminal Server Users
Configure User Mapping for Terminal Server Users Individual terminal server users appear to have the same IP address and therefore an IP address-to-username mapping is ...
Configure the Palo Alto Networks Terminal Services Agent fo...
Configure the Palo Alto Networks Terminal Services Agent for User Mapping Use the following procedure to install and configure the TS agent on the terminal ...
Port Mapping In environments with multi-user systems—such as Microsoft Terminal Server or Citrix environments—many users share the same IP address. In this case, the user-to-IP ...
Ports Used for User-ID
Ports Used for User-ID User-ID is a feature that enables mapping of user IP addresses to usernames and group memberships, enabling user- or group-based policy ...
Manage Access to User-ID Agents
Manage Access to User-ID Agents Perform the following tasks for managing connections from the firewall to User-ID agents or redistribution points. Task Description Display information ...
Map IP Addresses to Users
Map IP Addresses to Users User-ID provides many different methods for mapping IP addresses to usernames. Before you begin configuring user mapping, consider where your ...
Device > User Identification > User-ID Agents
Device > User Identification > User-ID Agents To map usernames to IP addresses, User-ID agents monitor various sources, such as directory servers. The agents send ...
User Identification User Identification (User-ID™) is a Palo Alto Networks® next-generation firewall feature that seamlessly integrates with a range of enterprise directory and terminal services ...
Install the Windows-Based User-ID Agent
Install the Windows-Based User-ID Agent The following procedure shows how to install the User-ID agent on a member server in the domain and set up ...