D - Firewall to Firewall
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/user-id/deploy-user-id-in-a-large-scale-network/redistribute-user-mappings-and-authentication-timestamps/firewall-deployment-for-user-id-redistribution.html#ide3661b46-4722-4936-bb9b-181679306809
PCNSE Study Guide 2023 1.4.4
Firewalls share user mappings and authentication timestamps as part of the same redistribution
flow; you do not have to configure redistribution separately for each information type.
Answer: D (https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/user-id/deploy-user-id-in-a-large-scale-network/redistribute-user-mappings-and-authentication-timestamps/firewall-deployment-for-user-id-redistribution.html)
A..from the PCNSE study guide revised Aug 2020
To map IP addresses to usernames, User-ID agents monitor sources such as directory servers. The agents send the user mappings to firewalls, Log Collectors, or Panorama. Each appliance then can serve as redistribution points that forward the mappings to other firewalls, Log Collectors, or Panorama. Before a firewall or Panorama can collect user mappings, you must configure its connections to the User-ID agents or redistribution points.
More information about this topic can be found here: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-web-interface
"The agents send the user mappings to firewalls, Log Collectors, or Panorama." so far not redistribution - just collection...
then it says "Each appliance then can serve as redistribution points that forward the mappings to other firewalls, Log Collectors, or Panorama." so for it to be considered as redistribution it has to come from a firewall, panorama, or log collector. taht only leaves option "D" as an option as its the only one that sources userID from a fw, panorama ,or log collector.
This one is a little confusing but I do believe that the right answer is "A".
Step 3-1 says "Configure the firewall to function as a User-ID agent.
If redistribution enables the firewall to function as a User-ID agent for other devices then the correct data flow would be "User-ID agent to firewall"
The answer is A
https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/user-id/deploy-user-id-in-a-large-scale-network/configure-firewalls-to-redistribute-user-mapping-information/configure-user-id-redistribution.html#idc123940a-367d-4515-b45e-29c1d0aa2bd1
In later version of the PANOS documentation it doesn't mention configuring the firewall as a User-Id agent specifically but all the configuration for redistribution is done within the User-ID agent configuration itself. See Step 1-3 in the doc link below.
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/user-id/deploy-user-id-in-a-large-scale-network/redistribute-user-mappings-and-authentication-timestamps/configure-user-id-redistribution
D.
if it was collection of user ID it would be A, but instead is redistritbution.
check example below.
https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/user-id/deploy-user-id-in-a-large-scale-network/configure-firewalls-to-redistribute-user-mapping-information/firewall-deployment-for-user-id-redistribution.html#id127bc778-ffec-49c4-a9b2-5cf7b044be6e
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
CiscoNinja
Highly Voted 4 years, 4 months agocipri86
Highly Voted 3 years, 8 months agoMarshpillowz
Most Recent 7 months, 4 weeks agoChiaPet75
1 year, 1 month agoTAKUM1y
1 year, 11 months agoUFanat
2 years, 3 months agotururu1496
2 years, 6 months agolmla89
2 years, 8 months agofxgoat98
3 years, 3 months agoGBD
4 years agojpm_1506
3 years, 9 months agoGBD
4 years agocthd
4 years, 2 months agomaylinn
4 years, 3 months agoChiaPet75
4 years, 3 months agorammsdoct
4 years, 3 months agoAb121213
4 years, 4 months ago