Exam PCNSE
Question 267

Your company has 10 Active Directory domain controllers spread across multiple WAN links. All users authenticate to Active Directory. Each link has substantial network bandwidth to support all mission-critical applications. The firewall's management plane is highly utilized. Given this scenario, which type of User-ID agent is considered a best practice by Palo Alto Networks?

Correct Answer: D

Given the scenario of multiple WAN links and high utilization of the firewall's management plane, the best practice would be to use the Windows-based User-ID agent on a standalone server. This approach minimizes the load on the firewall’s management plane by offloading the User-ID processing to a separate server. Additionally, this solution allows the agent to be placed closer to the Active Directory domain controllers, reducing latency and potential issues with WAN links.

Discussion
TAKUM1y (Option: D)

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/user-id/map-ip-addresses-to-users/configure-user-mapping-using-the-windows-user-id-agent

avator (Option: D)

Selected Answer: D

Which Agent Type is Better?

The result is that, in an infrastructure with remote networks separated by WAN links, the integrated agent is more appropriate for reading remote logs and the Windows-based agent is more appropriate for reading local logs. However, use of the integrated agent is not without cost: It consumes more of the firewall’s management plane resources. For this reason, deployment of the Windows agent at remote sites and having them forward the relevant User-ID information to a firewall on a central network often is beneficial.

https://beacon.paloaltonetworks.com/uploads/resource_courses

Whizdhum (Option: D)

Answer is D. The way you configure the User-ID agent depends on the size of your environment and the location of your domain servers. As a best practice, locate your User-ID agents near the servers they will monitor (that is, the monitored servers and the Windows User-ID agent should not be across a WAN link from each other).

DenskyDen (Option: D)

D. Read TAKUM1y's link.