Manage Users, Authentication, and VPN Certificates
ProSecure Unified Threat Management (UTM) Appliance
Note: The DC agent does not function with LDAP domain users.
The DC agent monitors all Windows login events (that is, all AD domain user authentications)
on the DC server, and provides a mapping of Windows user names and IP addresses to the
UTM, enabling the UTM to apply user policies transparently. The DC agent transfers
encrypted names, IP addresses, groups, and login times of the users logged in to the UTM,
where this information remains secure (that is, it is not transferred out of the UTM).
Requirements for the ProSecure DC Agent Software and DC Agent Server
Note the following requirements for the ProSecure DC agent software and domain controller
(DC) servers:
• If the DC server is located behind a firewall or there is a firewall on the DC server, ensure
that the firewall does not block the server’s listening port. The default port that is used by
the DC agent is 5182.
• The DC agent needs to be able to automatically log an account login event when a
domain user account is authenticated against the Active Directory on a DC server.
Verify that the DC server has the following configuration:
- The Audit Logon Events policy is defined, and the Success check box is selected.
- The Audit Account Logon Events policy is defined, and the Success check box is
selected.
- The Audit Account Management policy is defined, and the Success check box is
selected.
In addition, if you change the log path of the security log, restart the DC server for
the change to take effect.
• If you use the ProSecure DC Agent software on a DC server that is running Windows
Server 2003, ensure that the Windows Security Log settings in the Event Viewer are set to
the maximum size of 16 MB and to overwrite events as needed.
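The audit policy and listening port requirements above can be checked on the DC server with a short script. This is an added example, not part of the ProSecure software or the original manual. It assumes Windows Server 2012 or later, an elevated PowerShell session, an English-language OS (auditpol category names are localized), that the three legacy policies correspond to the auditpol categories shown, and that the agent listens on TCP; it does not cover the Windows Server 2003 log size setting.

```powershell
# Added example: pre-flight check for a DC server that hosts the DC agent.
# Run in an elevated PowerShell session on the DC server.

$AgentPort = 5182   # default DC agent listening port stated in the manual

# Legacy audit policy name -> auditpol category (mapping assumed by this example)
$Categories = [ordered]@{
    'Audit Logon Events'         = 'Logon/Logoff'
    'Audit Account Logon Events' = 'Account Logon'
    'Audit Account Management'   = 'Account Management'
}

$results = foreach ($policy in $Categories.Keys) {
    $category = $Categories[$policy]

    # /r emits the effective policy as CSV; drop blank lines before parsing
    $rows = @(auditpol /get /category:"$category" /r |
        Where-Object { $_.Trim() } | ConvertFrom-Csv)

    # The effective setting is per subcategory; each one must include Success
    $missing = @($rows | Where-Object { $_.'Inclusion Setting' -notmatch 'Success' })

    [pscustomobject]@{
        Check  = "$policy (Success)"
        Pass   = ($rows.Count -gt 0 -and $missing.Count -eq 0)
        Detail = if ($rows.Count -eq 0) { 'auditpol returned no rows' }
                 elseif ($missing.Count) { 'No Success auditing: ' + ($missing.Subcategory -join ', ') }
                 else { 'All subcategories audit Success' }
    }
}

# A listener must exist on the agent port (TCP is an assumption of this example)
$listener = @(Get-NetTCPConnection -LocalPort $AgentPort -State Listen -ErrorAction SilentlyContinue)
$results += [pscustomobject]@{
    Check  = "DC agent listening on TCP $AgentPort"
    Pass   = ($listener.Count -gt 0)
    Detail = if ($listener.Count) { 'Bound to ' + (($listener.LocalAddress | Sort-Object -Unique) -join ', ') }
             else { 'No listener found; is the DC agent service running?' }
}

$results | Format-Table -AutoSize -Wrap
if ($results.Pass -contains $false) { Write-Warning 'One or more DC agent prerequisites are not met.' }
```

A local listener does not show that a firewall passes the traffic; confirm reachability of the port from the UTM's network segment as well.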
Download ProSecure DC Agent Software, and Create and Delete DC Agents
When new ProSecure DC Agent software is available, the UTM automatically downloads the
software from the update server and notifies administrative users in several ways:
• The UTM sends an email to administrative users.
• The UTM records a syslog entry.
• The UTM generates a notification screen that is presented to administrative users upon
login.