Why do Prisma Access firewalls not pull all the groups that are present in the Cloud Identity Engine?

Created On 02/19/22 00:41 AM - Last Modified 08/04/22 20:48 PM


Question


Why do Prisma Access firewalls not pull all the groups that are present in the Cloud Identity Engine?

Environment


  • Prisma Access Firewalls
  • Group mapping using Cloud Identity Engine


Answer


  1. In traditional (LDAP server) group mapping, the firewalls fetch the full membership of every group configured in the "Group Include List", whether or not a policy references it.
  2. With the Cloud Identity Engine, Prisma Access firewalls fetch only the groups that are actually referenced in the configuration. Groups that exist in the Cloud Identity Engine but are not used anywhere in the configuration are therefore not pulled. Some of the places where groups are referenced are listed below:
  • Allow lists: Authentication allow list, GlobalProtect allow list.
  • Rules: Security rules, QoS rules, Authentication rules, DoS rules.
  • Tunnel Inspection, Decryption, PBF and Reports.
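The following script is an added example, not part of this article or of any Palo Alto Networks tool: it scans an exported configuration for groups referenced in rule "source-user" lists and compares them with the groups held in the Cloud Identity Engine, so an administrator can see which groups will be fetched and which will not. The XML layout (rulebase/<type>/rules/entry/source-user/member) is a simplified assumption, as are the sample config and sample CIE group list.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified config fragment (real exports carry many more nodes;
# the rulebase/<type>/rules/entry/source-user/member layout is assumed).
SAMPLE_CONFIG = """<config><rulebase>
  <security><rules>
    <entry name="allow-finance"><source-user>
      <member>cn=finance,ou=groups,dc=example,dc=com</member></source-user></entry>
    <entry name="allow-contractors"><source-user>
      <member>cn=contractors,ou=groups,dc=example,dc=com</member></source-user></entry>
    <entry name="allow-all"><source-user><member>any</member></source-user></entry>
  </rules></security>
  <authentication><rules>
    <entry name="auth-it"><source-user>
      <member>cn=it,ou=groups,dc=example,dc=com</member></source-user></entry>
  </rules></authentication>
</rulebase></config>"""

# Groups present in the Cloud Identity Engine (constructed sample).
CIE_GROUPS = {
    "cn=finance,ou=groups,dc=example,dc=com",
    "cn=it,ou=groups,dc=example,dc=com",
    "cn=hr,ou=groups,dc=example,dc=com",
}

# Built-in source-user values that are not groups and never trigger a group fetch.
PSEUDO_USERS = {"any", "known-user", "unknown", "pre-logon"}


def referenced_groups(config_xml):
    """Return the set of names used in any rule's source-user list (lower-cased)."""
    root = ET.fromstring(config_xml)
    found = set()
    for rule in root.iter("entry"):
        for member in rule.findall("./source-user/member"):
            name = (member.text or "").strip().lower()
            if name and name not in PSEUDO_USERS:
                found.add(name)
    return found


def audit_groups(config_xml, cie_groups):
    """Split CIE groups into fetched / not fetched, plus config references CIE lacks."""
    referenced = referenced_groups(config_xml)
    cie = {g.lower() for g in cie_groups}
    return {
        "fetched": sorted(referenced & cie),      # referenced and known to CIE
        "not_fetched": sorted(cie - referenced),  # in CIE but unused in config
        "unresolved": sorted(referenced - cie),   # used in config, absent from CIE
    }


if __name__ == "__main__":
    for bucket, names in audit_groups(SAMPLE_CONFIG, CIE_GROUPS).items():
        print(f"{bucket}: {names}")
```

A group in the "not_fetched" bucket is expected behaviour under the Cloud Identity Engine; the "unresolved" bucket flags rules that reference a group the engine does not hold, which is worth checking before assuming the firewall is at fault.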

