Multiple Passive Identity Agents Monitoring Multiple Domain Controllers

The following figure shows standalone passive identity agents monitoring multiple AD domain controllers:

  • In AD domain 1, a standalone passive identity agent installed on a machine attached to AD domain controller 1 sends user and IP address mapping data to the Cloud-delivered Firewall Management Center.

  • In AD domain 2, standalone agents installed on AD domain controllers 1 and 2 send user and IP address mapping data to the Cloud-delivered Firewall Management Center.

You can deploy several standalone passive identity agents to monitor multiple Active Directory networks and send user and IP address mapping data to the Cloud-delivered Firewall Management Center.

You can install a passive identity agent on the AD domain controller, directory server, or on any client connected to the domain you wish to monitor.

The preceding figure shows three passive identity agents, each configured as a standalone agent. To set up this deployment:

  1. Create two Microsoft AD realms: one for each AD domain.

    See Create an LDAP Realm or an Active Directory Realm and Realm Directory.

  2. For AD domain 2, create two directories, one for each domain controller.

  3. Install the Passive Identity Agent software on a client that can log in to the domain.

    Configure each passive identity agent individually to communicate with the Cloud-delivered Firewall Management Center on which you configure the passive identity agent source.

    See Install the Passive Identity Agent Software.

  4. Create the passive identity agent identity source.

    See Create a Primary or Secondary Passive Identity Agent Identity Source.