Does the collector name need to be unique? Or can the same name be pushed to multiple firewalls in the use case of multiple firewalls in a panorama deployment?
In 7.1 one of the limitations was the use of Panorama as a redistribution point : live.paloaltonetworks.com/t5/Configuration-Articles/PAN-OS-7-1-User-ID-enhancements/ta-p/74609
Thanks for the response Kim. So, instead of using Panorama as a redistribution point, could I use a 7.1 firewall as that collection and distribution point?
Thanks again. I am looking at doing this with a master hub for redistribution, but was not ready to move to 8.0 yet. I had not had a chance to view the document before my question. In the document, it does look like I might have a potential issue with redistributing groups and will have to figure out what an LDAP Proxy is, but it gets me to step 1 of User-ID. Again, thank you and the PAN Team for making these videos and replying with answers to help.
This is one of those *LIGHTBOARDS* i did _NOT Know_ that i was looking for...
LOL
Muchas gracias!
❤😁❤
Spot on, saved me a lot of messing about. Cheers!
Does the collector name need to be unique? Or can the same name be pushed to multiple firewalls in the use case of multiple firewalls in a panorama deployment?
is there anyway i can redistribute specific subnets from panorama to the specific firewalls instead of entire table?
Will it also take care of the captive portal user information? Can you share the example for vsys to vsys (same firewall) redistribution?
How to troubleshoot the user id redistribution if the agent shows green and connected but not showing any mapping??
In case that I have a HA deployment, should I use 2 entries one for the active and one for the passive in case of fail over?
Hi, yes seeing that the mgmt IP is not part of the sync process you'll need 2 agent entries.
Can the redistribution be done through a Panorama 7.1 installation, or does it need to be Panorama 8.0?
In 7.1 one of the limitations was the use of Panorama as a redistribution point : live.paloaltonetworks.com/t5/Configuration-Articles/PAN-OS-7-1-User-ID-enhancements/ta-p/74609
Thanks for the response Kim. So, instead of using Panorama as a redistribution point, could I use a 7.1 firewall as that collection and distribution point?
Yes and I think the DOC I sent earlier has an example.
Thanks again. I am looking at doing this with a master hub for redistribution, but was not ready to move to 8.0 yet. I had not had a chance to view the document before my question. In the document, it does look like I might have a potential issue with redistributing groups and will have to figure out what an LDAP Proxy is, but it gets me to step 1 of User-ID. Again, thank you and the PAN Team for making these videos and replying with answers to help.
many many thanks
You're quite welcome. Thank you for your comment. Let us know if there's more you'd like to see on the Live Community channel.