Palo Alto Networks Knowledgebase: How to Add Groups to Security Policy

How to Add Groups to Security Policy

3874
Created On 09/25/18 19:24 PM - Last Updated 09/25/18 23:09 PM
Policy
Resolution
  1. Configure LDAP sever profile on the device.
  2. Verify the device can pull the group information by running the command:

    > show user group list
    which populates all the groups the device is pulling from the AD server.

  3. Configure User-ID agent settings on the device.  Go to Device > User Identification.
  4. Verify user-to-IP mapping is correct. Run the command:
    > show user ip-user-mapping all
    which populates all users the device is pulling from the User-ID-Agent.
  5. Go to Policies > Security.
  6. Click Add for a new policy or click an existing policy to add the groups.
  7. Under the Policy > User > Source User, click Add. The drop down populates available groups.
  8. Configure the security policy with the groups to be restricted.

    samir.JPG

owner: shasnain



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClXWCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language