10-26-2012 06:09 AM - edited 03-11-2019 05:14 PM
Hi all,
Can the CSC Trend Micro ASA module handle AD user/group-based filtering on a multi-user server (e.g. MS Terminal, Citrix)?
Or is there another solution?
Thanks
Norbert
10-26-2012 11:33 AM
Hello,
The only restriction is that it should run over a Windows Server 2003-2008 (2003-R2 not supported).
Regards,
10-27-2012 01:49 PM
Hi there,
Thanks for the reply.
As written in the admin guide:
..
The Trend Micro Domain Controller Agent queries each domain controller for user login sessions every seven seconds by default, obtaining the user name and workstation name for each login session. For each login session identified, the Domain Controller Agent performs a DNS lookup to resolve the workstation name to an IP address, and records the resulting user name/IP address pair....
So I guess there will be a problem on an MS Terminal/Citrix server with the username/IP address pair, because all users have the same IP address (multiple-user server, e.g. Citrix).
Or do I miss something?
http://www.cisco.com/en/US/docs/security/csc/csc66/administration/guide/csc6.html#wp1064372
Hmmm.. Is that maybe the answer?
https://supportforums.cisco.com/thread/228748
Thank you,
Greets Norbert
10-27-2012 01:53 PM
Hello,
Yes, it will be a problem, as the AD agent will need to log every single time a user logs into a PC, then it will create a map (username to IP). In this case that will be the problem, as all of them will have the same one.
Regards,
Remember to rate all of the helpful posts, if you need assistance on how to rate a post just let me know
Julio
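The mapping problem discussed in this thread, as an added example that is not part of any post and is not Trend Micro or Cisco code: it groups login sessions by resolved IP address and reports the addresses where several users collapse onto one IP. The session records, host names, IP addresses and function names are constructed for illustration, and a dictionary stands in for the DNS lookup step.

```python
from collections import defaultdict

# Constructed sample data: login sessions as a domain controller poll might
# report them (user name, workstation name). Not output from a real agent.
SESSIONS = [
    ("alice", "PC-ALICE"),
    ("bob", "CTX01"),
    ("carol", "CTX01"),
    ("dave", "CTX01"),
    ("erin", "PC-ERIN"),
]

# Constructed stand-in for the DNS lookup step (workstation name -> IP).
DNS = {
    "PC-ALICE": "10.0.1.21",
    "PC-ERIN": "10.0.1.22",
    "CTX01": "10.0.5.10",  # multi-user server: one IP for every session
}


def build_ip_map(sessions, dns):
    """Group user names by the IP address their workstation resolves to."""
    ip_users = defaultdict(set)
    unresolved = []
    for user, workstation in sessions:
        ip = dns.get(workstation.upper())
        if ip is None:
            # No address, so no user/IP pair can be recorded at all.
            unresolved.append((user, workstation))
            continue
        ip_users[ip].add(user)
    return dict(ip_users), unresolved


def ambiguous_ips(ip_users):
    """Return IPs shared by more than one user, where a policy keyed on
    source IP cannot tell the users apart."""
    return {ip: sorted(u) for ip, u in ip_users.items() if len(u) > 1}


if __name__ == "__main__":
    ip_users, unresolved = build_ip_map(SESSIONS, DNS)
    for ip, users in sorted(ambiguous_ips(ip_users).items()):
        print(f"{ip}: {len(users)} users share this address: {', '.join(users)}")
    for user, ws in unresolved:
        print(f"unresolved workstation {ws} for {user}")
```

Run against an export of real session data, the same grouping gives a list of hosts that need a different identification method before per-user policy can be trusted for them.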
10-27-2012 02:47 PM
Hello Alig,
Hmmm.. Is that maybe the answer?
It would be the same limitation that I am telling you. Different words
10-27-2012 03:10 PM
Hi Julio,
Does IronPort have such a function/service?
10-27-2012 03:18 PM
Hello Alig,
To be honest with you I am not 100% sure of that.
I have found the following information:
Powerful and flexible authentication ensures seamless integration with corporate environments. Administrators can create policies based on existing LDAP-based or Active Directory-based directory structures. Single sign-on capabilities provide a seamless end-user experience while surfing the Web. Administrators can also create authentication exemptions based on source or destination traffic profiles.
Granular policy creation using IronPort Web Security Manager™ allows administrators to create and manage policies on a per-user and per-group basis — thereby providing tremendous flexibility and control. IronPort Web Security Manager enables automatic sync-up with existing authentication directories to provide a list of active groups. This enables administrators to further refine pre-existing LDAP-based or Active Directory-based groups. Administrators can define groups using network segments, IP addresses, subnet or CIDR ranges, as well as combine multiple network segments or separate groups into a single unit.
So it looks like it could handle this, but just to be sure I would recommend that you open a new discussion on the IronPort board.
Please come back with the answer so we can learn from that as well
Remember to rate all of the helpful posts
Julio