I'm looking for detailed information on how the Logon Collector works when it is used with an NGFW and an MS AD/Exchange.
Basically, I need workflows that describe:
- How is this AD polled?
- Dealing with the caching inside the Logon Monitor / the Logon Collector / the NGFW: What is cached? How long is the collected information cached?
- Which events are detected and generate a refresh of the DB? (e.g. login/logoff, ...?)
- Which behavior is not supported? (e.g. unclean network disconnect, IP violation, ...?)
If you have a doc that details the full specifications, I would greatly appreciate it if you shared it with us :-)
Let's start from the document. Please check the McAfee KnowledgeBase - Logon Collector 3.0 Administration Guide - Rev B if you have not seen it before. Integration with NGFW is covered in there, as well as a lot of details on how MLC operates, how to set it up and how to troubleshoot it.