Configure User Mapping Using the Windows User-ID Agent
In most cases, the majority of your network users will
have logins to your monitored domain services. For these users,
the Palo Alto Networks User-ID agent monitors the servers for login
events and performs the IP address-to-username mapping. The way you
configure the User-ID agent depends on the size of your environment
and the location of your domain servers. As a best practice, locate
your User-ID agents near the servers they will monitor (that is, the
monitored servers and the Windows User-ID agent should not be across
a WAN link from each other). This is because most of the traffic
for user mapping occurs between the agent and the monitored server,
with only a small amount of traffic—the delta of user mappings since
the last update—from the agent to the firewall.
The following topics describe how to install and configure the
User-ID agent and how to configure the firewall to retrieve user
mapping information from the agent: