How to Configure User-ID Agent Integration with Active Directory
Steps on how to configure User-ID Agent integration with Active Directory
- Download the installation files from the Palo Alto Networks Customer Support Portal using a valid subscription account
  - User-ID Agent (UaInstall-9.0.5-8.msi)
    - Default Installation Path – C:\Program Files (x86)\Palo Alto Networks\User-ID Agent\
  - User-ID Credential Agent (UaCredInstall64-9.0.5-8)
    - Default Installation Path – C:\Program Files\Palo Alto Networks\User-ID Credential Agent\
- Install the User-ID Agent, followed by the User-ID Credential Agent, on the Domain Member Server
Preparation of Service Account
- Create a new service account called PaAgent (Domain User) in Active Directory
- Add PaAgent under Local Security Policy – Local Policies – User Rights Assignment – Log on as a service on the Domain Member Server where the User-ID Agent is installed
- Add PaAgent as a member of the Event Log Readers group in the AD domain, so that it can read the security event logs of the specified Microsoft Exchange Servers, Domain Controllers, or Novell eDirectory servers for login events (Server Monitoring feature)
- Add PaAgent as a member of the local Administrators group on the Domain Member Server where the User-ID Agent is installed
Configuration of User-ID Agent
- Open the User-ID Agent and change the Service Logon Account username for Active Directory to PaAgent
- Add the IP address of the AD Domain Controller
- Ensure that the User-ID Agent connects to the AD Domain Controller successfully
Enable User Identification in Firewall
- Add the installed User-ID Agent under Device – User Identification – User-ID Agents
  - 5007 is the default port used by the User-ID Agent
- Enable User Identification for the Internal Zone under Network – Zones – Internal
- Click Commit and verify that the Firewall connects to the User-ID Agent successfully
Verification
The user ID now appears in the Source User column of the Monitor logs.
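The following PowerShell script is an added example, not part of the original guide or of Palo Alto Networks' software. It re-checks the preparation and configuration steps above from the Domain Member Server: service account group memberships, the Log on as a service right, the agent service running as PaAgent, the listener on port 5007, and reachability of the Domain Controller. The service display-name filter and the placeholder Domain Controller address are assumptions; adjust them to your environment.

```powershell
<#
  Added verification script (not from the page or Palo Alto Networks).
  Assumptions: run from an elevated prompt on the Domain Member Server hosting
  the agent, RSAT ActiveDirectory module installed, account name 'PaAgent',
  default agent port 5007. The '*User-ID Agent*' display-name filter and the
  DomainController placeholder are assumptions.
#>
param(
    [string]$ServiceAccount   = 'PaAgent',
    [string]$DomainController = '192.0.2.10',   # placeholder, replace with your DC address
    [int]$AgentPort           = 5007
)
Import-Module ActiveDirectory

$user   = Get-ADUser -Identity $ServiceAccount -ErrorAction Stop
$checks = [ordered]@{}

# Event Log Readers membership in the domain (required for Server Monitoring)
$checks['Member of Event Log Readers'] = [bool](Get-ADGroupMember -Identity 'Event Log Readers' -Recursive |
    Where-Object SamAccountName -eq $user.SamAccountName)

# Local Administrators membership on this server
$checks['Local Administrators member'] = [bool](Get-LocalGroupMember -Group 'Administrators' |
    Where-Object Name -like "*\$ServiceAccount")

# 'Log on as a service' right: export the local policy and look for the account SID
$inf = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
$line = (Select-String -Path $inf -Pattern '^SeServiceLogonRight' | Select-Object -First 1).Line
$checks['Log on as a service right'] = ($null -ne $line) -and ($line -match [regex]::Escape($user.SID.Value))
Remove-Item $inf -ErrorAction SilentlyContinue

# Agent service present, running, and using the service account (DOMAIN\user or UPN form)
$svc = Get-CimInstance Win32_Service | Where-Object DisplayName -like '*User-ID Agent*' | Select-Object -First 1
$checks['Agent service runs as account'] = ($null -ne $svc) -and ($svc.State -eq 'Running') -and
    (($svc.StartName -like "*\$ServiceAccount") -or ($svc.StartName -like "$ServiceAccount@*"))

# Agent listening on its port so the firewall can connect
$checks["Listening on TCP $AgentPort"] = [bool](Get-NetTCPConnection -LocalPort $AgentPort -State Listen -ErrorAction SilentlyContinue)

# Domain Controller reachable from this host
$checks['Domain Controller reachable'] = Test-Connection -ComputerName $DomainController -Count 1 -Quiet

# Print one OK/FAIL line per check
$checks.GetEnumerator() | ForEach-Object {
    '{0,-32} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
```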