Palo Alto Networks Knowledgebase: Configuring Group Include List on M-100/Panorama for Managed Devices


Created On 02/07/19 23:54 PM - Last Updated 02/07/19 23:54 PM
Cortex Data Lake Panorama
Resolution

Overview

When configuring a template on the M-100/Panorama, the UI for Group Include List does not display a list of available groups to select from.

 

Details

On the Palo Alto Networks firewall, the group mapping list can be pulled directly once the LDAP Profile has been configured:
[Screenshot: Capture.JPG]

 

However, when configuring templates on the Panorama/M-100 for the Group Mapping Include list, the available groups are not displayed.

Instead, the groups for the Group Include List must be manually added using the correct syntax:

 


[Screenshot: Capture1.JPG]

 

 

The available groups are not visible because Panorama is not equipped to pull the user-group information directly from the LDAP Active Directory.

Panorama pulls the User-ID information through the Master Device in the device group.

Under the template, the administrator has to configure the LDAP settings manually and push them to the device; they will not self-populate. The administrator will need the base and bind information on hand before configuring. Once those templates are pushed to the device and the information is correct, Panorama will be able to pull group information. By design, the group mapping settings in templates differ between Panorama and the device. When pushing the settings as a template, the administrator will need to have the group information ready. Once it is pushed to the device, the group information appears in the same format as the device's group mapping settings.

 

 

 

owner: dwhyte


