Palo Alto Networks Knowledgebase: Active Directory Groups in Panorama Rules
Active Directory Groups in Panorama Rules
Created On 09/25/18 19:38 PM - Last Updated 02/08/19 00:02 AM
Active Directory (AD) groups can be used in the security rules, but Panorama does not have a User-ID feature. In Panorama 4.1 and later, the groups to be used in the Security Policy are pulled from the master device.
Go to the Panorama > Device Groups and select Master Device.
Click OK to commit and check in Security Policy. The following screenshot shows an example of the Active Directory groups pulled from the Master Device and available for selection in the Security Policy rule on Panorama: