Palo Alto Networks Knowledgebase: How to Add Groups to Security Policy

Created On 09/25/18 19:24 PM - Last Updated 09/25/18 23:09 PM
  1. Configure an LDAP server profile on the device.
  2. Verify the device can pull the group information by running the command:

    > show user group list
    The output lists all the groups the device is pulling from the AD server.

  3. Configure User-ID agent settings on the device. Go to Device > User Identification.
  4. Verify user-to-IP mapping is correct. Run the command:
    > show user ip-user-mapping all
    The output lists all users the device is pulling from the User-ID agent.
  5. Go to Policies > Security.
  6. Click Add for a new policy or click an existing policy to add the groups.
  7. Under Policy > User > Source User, click Add. The drop-down list shows the available groups.
  8. Configure the security policy with the groups to be restricted.
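
The CLI equivalent of steps 5 through 8, with checks before and after the commit, as an added example that is not part of the original article. The rule name, zones, group DN, IP addresses and username are constructed placeholders; copy the group DN exactly as show user group list prints it.

```text
> show user group name "cn=contractors,ou=groups,dc=example,dc=com"
> show user ip-user-mapping ip 10.1.1.25

> configure
# set rulebase security rules Restrict-Contractors from trust to untrust source any destination any source-user "cn=contractors,ou=groups,dc=example,dc=com" application any service application-default action deny
# commit
# exit

> test security-policy-match from trust to untrust source 10.1.1.25 destination 203.0.113.10 protocol 6 destination-port 443 source-user "example\jdoe"
```

The first two commands confirm that the firewall has resolved members for the group and has a mapping for the test address. After the commit, the policy match test should return the new rule for a mapped member of that group.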


owner: shasnain