'Enable Server Session Read' meaning for User ID Agent

'Enable Server Session Read' meaning for User ID Agent

22883
Created On 09/25/18 19:26 PM - Last Modified 11/06/20 22:20 PM


Symptom

What does "Enable Server Session Read" in the User-ID Agent mean?



Environment
  • Any PAN-OS.
  • Palo Alto Firewall
  • Windows User-ID Agent.
  • PAN-OS integrated User-ID Agent


Resolution

"Enable Server Session Read" is an additional server-based method to resolve users to IP addresses using the current user sessions in the Domain Controller. 
Users connected to resources on the Domain controller, such as shared folders and printers, have their IP addresses and user names stored in the server session table.
PAN agent is able to read this table and use it to make user to IP mappings.
The Agent will require Server Operator privileges to read the session table. In an environment where user drives are hosted on the Domain Controller, this can be a very efficient way to match users to their IP addresses.

 

 



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/kcsArticleDetail?id=kA10g000000ClYp&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FkcsArticleDetail

Attachments
Choose Language