What is the correct format for adding a group to the Group Include List on Panorama?

Created On 01/01/20 01:47 AM - Last Modified 11/17/20 01:02 AM


Question


What is the correct format for adding a group to the Group Include List on Panorama?

 


Environment


  • Any Panorama managing Palo Alto Firewalls.
  • Any PAN-OS.
  • Group mapping with Include List.


Answer


The correct format to use is the CN format.
If the group name is pushed in a non-CN format such as "domain\group-name", the firewall will not show the group in the Group Include List.

Example of the failure:
  1. Add the new group to the Include List in a Panorama template using a name such as "name\Panorama-admins".
  2. Commit to Panorama.
  3. Push the configuration to the firewall.
  4. The firewall does not show the new group in the Group Include List.
  5. This is because the group name "name\Panorama-admins" is not in the CN format.

Panorama does not connect to the LDAP server of the firewall and therefore cannot fetch the names in the group list. Refer to "Configuring Group Include list" for how to enter the group list in CN format.
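
A check that can be run on an exported template before the push, as an added example that is not part of the original article: it lists Group Include List entries that are not in CN format. It assumes "CN format" means an LDAP distinguished name beginning with `cn=`, and that entries are stored as `group-include-list/member` elements under `group-mapping`; the sample XML is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like a template export. The element names
# (group-mapping, group-include-list, member) are assumptions of this example.
SAMPLE_TEMPLATE_XML = r"""
<config>
  <group-mapping>
    <entry name="corp-ldap">
      <group-include-list>
        <member>cn=panorama-admins,ou=groups,dc=example,dc=com</member>
        <member>name\Panorama-admins</member>
        <member>CN=vpn-users, OU=groups, DC=example, DC=com</member>
      </group-include-list>
    </entry>
  </group-mapping>
</config>
"""

# One RDN: attribute type, '=', non-empty value (commas may be backslash-escaped).
_RDN = r"[A-Za-z][A-Za-z0-9-]*\s*=\s*(?:\\.|[^,\\])+"
# Assumed meaning of "CN format": a DN whose first RDN is cn=..., followed by
# at least one more component (ou=..., dc=...).
_CN_DN = re.compile(
    rf"cn\s*=\s*(?:\\.|[^,\\])+(?:\s*,\s*{_RDN})+", re.IGNORECASE
)


def is_cn_format(name: str) -> bool:
    """True if the group name is a distinguished name starting with cn=."""
    return _CN_DN.fullmatch(name.strip()) is not None


def find_bad_include_entries(xml_text: str):
    """Return (group-mapping entry name, group name) for every non-CN entry."""
    root = ET.fromstring(xml_text.strip())
    findings = []
    for mapping in root.iter("group-mapping"):
        for entry in mapping.findall("entry"):
            for member in entry.findall("./group-include-list/member"):
                value = (member.text or "").strip()
                if not is_cn_format(value):
                    findings.append((entry.get("name"), value))
    return findings


if __name__ == "__main__":
    for mapping_name, group in find_bad_include_entries(SAMPLE_TEMPLATE_XML):
        print(f"{mapping_name}: '{group}' is not in CN format")
```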
