Installation Steps for PAN Terminal Services Agent

Similar documents
Installation Steps for PAN User-ID Agent

Configuring User Identification via Active Directory

How to Configure Captive Portal

freesshd SFTP Server on Windows

Upgrading User-ID. Tech Note PAN-OS , Palo Alto Networks, Inc.

How To - Implement Clientless Single Sign On Authentication with Active Directory

How to install IDA floating licenses on a Windows server

User-ID Features. PAN-OS New Features Guide Version 6.0. Copyright Palo Alto Networks

Configuring Global Protect SSL VPN with a user-defined port

Palo Alto Networks GlobalProtect VPN configuration for SMS PASSCODE SMS PASSCODE 2015

Configuring PA Firewalls for a Layer 3 Deployment

Troubleshooting This document outlines some of the potential issues which you may encouter while administering an atech Telecoms installation.

OneLogin Integration User Guide

How To - Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment

FlexSim LAN License Server

F-SECURE MESSAGING SECURITY GATEWAY

ShadowControl ShadowStream

Contents. Introduction. Prerequisites. Requirements. Components Used

Panorama High Availability

Citrix Client Installation

How to Configure Active Directory based User Authentication

Palo Alto Networks User-ID Services. Unified Visitor Management

How to Configure and Test QoS in PANOS 3.0

NovaBACKUP Central Management Console

How To Remotely View Your Security Cameras Through An Ezwatch Pro Dvr/Camera Server On A Pc Or Ipod (For A Small Charge) On A Network (For An Extra $20) On Your Computer Or Ipo (For Free

HOW TO CONNECT TO FTP.TARGETANALYSIS.COM USING FILEZILLA. Installation

Cisco PIX Firewall Manager FAQ

WHMCS LUXCLOUD MODULE

COMMANDS 1 Overview... 1 Default Commands... 2 Creating a Script from a Command Document Revision History... 10

IMAPing 3.0 Administrator s Guide

Spam Marshall SpamWall Step-by-Step Installation Guide for Exchange 5.5

DSL-G604T Install Guides

Steps to be taken when you are unable to get the license in Tally.ERP 9

Set Up Panorama. Palo Alto Networks. Panorama Administrator s Guide Version 6.0. Copyright Palo Alto Networks

NovaBACKUP xsp Version 15.0 Upgrade Guide

Test Case 3 Active Directory Integration

HOW TO RETRIEVE FILES FROM THE TARGET ANALYTICS FTP SITE

NETASQ SSO Agent Installation and deployment

User-ID. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy

Configuring IBM Cognos Controller 8 to use Single Sign- On

SETTING UP REMOTE ACCESS ON EYEMAX PC BASED DVR.

Configure ActiveSync with a single Exchange server (Exchange sync for an iphone)

A-AUTO 50 for Windows Setup Guide

AT&T Global Network Client v6.8.0 and Passport IP Setup Instructions for Broadband VPN Access

Configuring Cisco CallManager IP Phones to Work With IP Phone Agent

Installing and Configuring vcloud Connector

Analyze Traffic with Monitoring Interfaces and Packet Forwarding

Configuring MailArchiva with Insight Server

Connecting your Virtual Machine to the Internet. BT Cloud Compute. The power to build your own cloud solutions to serve your specific business needs

Debug Failed to connect to server!

Download/Install IDENTD

Installation Troubleshooting Guide

REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER

How to install and use CrossTec Remote Control or SchoolVue in a Virtual and or Terminal Service environment

Elevated Privileges and User ID in Active Directory Environments

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

User-ID Best Practices

TSM for Windows Installation Instructions: Download the latest TSM Client Using the following link:

Qvis Security Technical Support Field Manual LX Series

Thin Client Solution Installation Guide Version

Manage Licenses and Updates

WHITE PAPER Citrix Secure Gateway Startup Guide

Legacy Host Licensing with vcenter Server 4.x ESX 3.x/ESXi 3.5 and vcenter Server 4.x

Set Up a VM-Series Firewall on an ESXi Server

Syslog Server Configuration on Wireless LAN Controllers (WLCs)

Integrating LANGuardian with Active Directory

Set Up a VM-Series Firewall on the Citrix SDX Server

NovaBACKUP xsp Version 12.2 Upgrade Guide

Quick Note 026. Using the firewall of a Digi TransPort to redirect HTTP Traffic to a proxy server. Digi International Technical Support December 2011

Monitor Print Popup for Mac. Product Manual.

Configuration Manual

Step by Step Guide to implement SMS authentication to F5 Big-IP APM (Access Policy Manager)

Configure your firewall for administrative access via RADIUS authentication

IFS CLOUD UPLINK INSTALLATION GUIDE

VM-Series Firewall Deployment Tech Note PAN-OS 5.0

POP3 Connector for Exchange - Configuration

IIS, FTP Server and Windows


Getting Started with Clearlogin A Guide for Administrators V1.01

Deployment Guide for Citrix XenDesktop

USER GUIDE. Ethernet Configuration Guide (Lantronix) P/N: Rev 6

VMware Software Manager - Download Service User's Guide

VMware Identity Manager Connector Installation and Configuration

Device Log Export ENGLISH

qliqdirect Active Directory Guide

Upgrading Software Using the Online Installer

Monitoring Oracle Enterprise Performance Management System Release Deployments from Oracle Enterprise Manager 12c

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001

Creating Home Directories for Windows and Macintosh Computers

Getting Started with StoreGrid Cloud

QliqDIRECT Active Directory Guide

TABLE OF CONTENTS. Change Server Port in OBIEE 11g Page 2 of 15

Using Public IP Settings

Parental Control Setup Guide

H3C Firewall and UTM Devices DNS and NAT Configuration Examples (Comware V5)

Transcription:

Installation Steps for PAN Terminal Services Agent If you have a supported terminal server 1 and an Active Directory domain, and would like the Palo Alto Networks firewall to match traffic to particular logged-in users, you can install the PAN Terminal Services Agent on each terminal server. The Terminal Services agent will assign a different TCP/UDP source port range for each user s terminal services session. That database of usernames -> port ranges is then pushed to the PAN firewalls, where it is used for traffic logging, and policy enforcement. 2 Note that the TS Agent does not require that the UserID Agent be installed in the network, although having both installed will give you a complete picture of who is doing what in your network. For instructions on how to install the PAN User ID Agent, refer to the document Installation Steps for PAN User ID Agent. To determine beforehand: Determine onto which machines the Terminal Services Agent will be installed. That machine must: o be running Windows Server 2003 Terminal Services, or Citrix Metaframe Presentation Server v4 or v4.5 o be a member of the domain to be monitored o have network connectivity to the management port of the PAN firewall Confirm that multiple users can login to the terminal server, and run various networking applications (web browsing, ping, etc.) The Palo Alto Networks firewall must be running PANOS 3.0.0 or higher. Part 1: Installing and Configuring the Terminal Services Agent 1. Login as administrator to the terminal server. 2. Download the latest version of the Terminal Services Agent (TaInstall.msi) from https://support.paloaltonetworks.com. 1 Supported terminal servers: Windows 2003 Terminal Server, Citrix Metaframe Presentation Server v4.0 or v4.5 2 Policy enforcement requires that the PAN User-ID agent also be installed in the network. PANOS 3.0.0 1

3. Install that file, accepting the all the defaults. This installs the software as a service on that machine. 4. You can confirm the service is installed by running the Services administrative tool (services.msc), and looking for PAN Terminal Server Agent 5. No configuration of the Terminal Service Agent is required; however if you want to view the current configuration, go to Start -> Programs-> Palo Alto Networks-> Terminal Server Agent. 6. The Terminal Services agent by default is operating on TCP port 5009. To confirm that the server running the Terminal Services Agent is listening on that port, use the following command on the server: netstat an find 5009 Here is example output: PANOS 3.0.0 2

Part 2: Configuring the PAN Firewall 7. To configure the PAN firewall to talk to the TS agent, login to the firewall s GUI. Go to Device tab -> User Identification. Click Add under Terminal Server Agent. 8. Enter the IP address of the TS agent. Also assign a name to the agent, and the port number. If the terminal server is multi-homed, the bottom of the screen allows you to enter the additional IPs. 9. You must also enable user identification on each zone that you want to monitor. On the Network tab -> Zones page, edit the appropriate zone (example: tapzone). In the bottom left corner of the zone properties page, check the box to Enable User Identification. 10. The firewall is now configured. Commit your changes at this time. PANOS 3.0.0 3

Part 3: Testing 11. To confirm everything is configured properly, bring up a CLI to the firewall, and execute this command: show ts-agent statistics You may see an error: Or you may get this output, which indicates things are working properly: Once you see connected in the CLI, you can go to the TS Agent GUI (Start -> Programs -> Palo Alto Networks -> Terminal Services Agent) and see a similar status on the main screen: 12. Login to the terminal server as different users concurrently, and surf the web or generate other traffic. Close those connections, as the firewall only logs completed sessions (by default). PANOS 3.0.0 4

13. You can view which users are currently logged into the Terminal Server using: show ts-agent user-ids This info will match the Monitor page of the TS Agent: If there is a long list of users, and you want to determine if a particular user (example: jpage) is in the list, use this command: show ts-agent user-ids match jpage 14. Examine the PAN traffic log to see if you can tell who is doing what (Monitor tab-> Logs -> Traffic) Notice in the above log that two different users are coming from the same source IP address the terminal server. PANOS 3.0.0 5

Part 4: Troubleshooting Hints 15. The TS Agent maintains a log file which is very useful for troubleshooting. The log file can be viewed using File -> Show Logs. To enable detailed information on the User-ID Agent operation, go to File -> Debug and select Verbose. The logs will now display more detailed messages. PANOS 3.0.0 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information