Device > User Identification > Terminal Services Agents
On a system that supports multiple users who share the
same IP address, a Terminal Services (TS) agent identifies individual
users by allocating port ranges to each one. The TS agent informs every
connected firewall of the allocated port range so that the firewalls
can enforce policy based on users and user groups.
All firewall models can collect username-to-port mapping information
from up to 5,000 multi-user systems. The number of TS agents from
which a firewall can collect the mapping information varies by firewall model.
You must install and configure the TS agents before configuring
access to them. The complete procedure to
configure user mapping for terminal server users requires additional tasks
besides configuring connections to TS agents.
You can perform the following tasks to manage access to TS agents.
Display information / Refresh Connected
Terminal Services Agents
the Connected column displays the status of the connections from
the firewall to the TS agents. A green icon indicates a successful
connection, a yellow icon indicates a disabled connection, and a
red icon indicates a failed connection. If you think the connection
status might have changed since you first opened the page, click
to update the status display.
To configure access to a TS agent,
agent and configure the following fields:
a name to identify the TS agent (up to 31 characters). The name
is case-sensitive and must be unique. Use only letters, numbers,
spaces, hyphens, and underscores.
—Enter the static IP address or
hostname of the terminal server where the TS agent is installed.
—Enter the port number (default
is 5009) that the TS agent service uses to communicate with the
Alternative IP Addresses
—If the terminal
server where the TS agent is installed has multiple IP addresses
that can appear as the source IP address for the outgoing traffic,
enter up to eight additional static IP addresses or hostnames.
—Select this option to enable
the firewall to communicate with this TS agent.
To remove the configuration
that enables access to a TS agent, select the agent and click
To disable access to a TS agent without deleting
its configuration, edit the agent and clear the
Administrative roles with a minimum of read-only
access can export the device configuration table as
You can apply filters to create more specific table configuration
outputs for things such as audits. Only visible columns in the web
interface will be exported. See Configuration