Cannot add user to Security Rule by API

dbatrankov — Mon, 30 Sep 2019 16:09:55 GMT

There is a good example how to add user by API

http://api-lab.paloaltonetworks.com/groups.html#example-add-user-to-group-mappings-groups

If I put the XML from the example to https://192.168.1.100/php/rest/browse.php/user-id

<uid-message>
<version>2.0</version>
<type>update</type>
<payload>
<login>
<entry name="domain\user1" ip="192.168.1.50" />
</login>
<groups>
<entry name="group1">
<members>
<entry name="user1" />
<entry name="domain\user2" />
</members>
</entry>
<entry name="group2">
<members>
<entry name="user3" />
</members>
</entry>
</groups>
</payload>
</uid-message>

Then it works well:

<uid-response>

</uid-response>

</result>

</response>

admin@PA-220> show user ip-user-mapping all

IP Vsys From User IdleTimeout(s) MaxTimeout(s)

--------------------------------------------- ------------------- ------- -------------------------------- -------------- -------------

192.168.1.50 vsys1 XMLAPI domain\user1 2696 2696

Total: 1 users

But I cannot see this user "domain\user1" from security policy rule. Why? I see only group name.
Cannot get username to the list

Re: Cannot add user to Security Rule by API

Rajesh12 — Tue, 01 Oct 2019 03:26:02 GMT

@dbatrankov

I noticed similar behavior in the past. Try to type the username manually in the rule base and commit it. See if you can see logs for that security rule.

topic Re: Cannot add user to Security Rule by API in Automation/API Discussions

Cannot add user to Security Rule by API

Re: Cannot add user to Security Rule by API