topic LDAP Members in group Issue in General Topics https://live.paloaltonetworks.com/t5/general-topics/ldap-members-in-group-issue/m-p/523762#M108437 <P>Issues with Members in a group and a security policy</P> <P>- pa 850/9.15 os level</P> <P>- I use ldap to sync with AD , I merged the groups I need in the include group option</P> <P>- I see all the groups in cli by using show groups</P> <P>- I can also list members in the group from cli ,&nbsp;</P> <P>- I use Kerbose to sycn user id's and they also show up in the userid /monitor..&nbsp;</P> <P>&nbsp;</P> <P>- If I put in a security policy by an AD group name as parameter to apply to a group "A", it fails to execute and drops through to a lower rule.</P> <P>- If I put a user who exists in group "A" in the rule same rule , the rule works for the user only,..,&nbsp; &nbsp;</P> <P>- In essence, the firewall knows about the groups and the users, but the security rule it doesn't seem to understand about that user inside the group&nbsp;</P> <P>- When I use the cli to list the user group A , it lists of the members.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Sat, 10 Dec 2022 16:10:14 GMT SteveHolzman 2022-12-10T16:10:14Z LDAP Members in group Issue https://live.paloaltonetworks.com/t5/general-topics/ldap-members-in-group-issue/m-p/523762#M108437 <P>Issues with Members in a group and a security policy</P> <P>- pa 850/9.15 os level</P> <P>- I use ldap to sync with AD , I merged the groups I need in the include group option</P> <P>- I see all the groups in cli by using show groups</P> <P>- I can also list members in the group from cli ,&nbsp;</P> <P>- I use Kerbose to sycn user id's and they also show up in the userid /monitor..&nbsp;</P> <P>&nbsp;</P> <P>- If I put in a security policy by an AD group name as parameter to apply to a group "A", it fails to execute and drops through to a lower rule.</P> <P>- If I put a user who exists in group "A" in the rule same rule , the rule works for the user only,..,&nbsp; &nbsp;</P> <P>- In essence, the firewall knows about the groups and the users, but the security rule it doesn't seem to understand about that user inside the group&nbsp;</P> <P>- When I use the cli to list the user group A , it lists of the members.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Sat, 10 Dec 2022 16:10:14 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-members-in-group-issue/m-p/523762#M108437 SteveHolzman 2022-12-10T16:10:14Z Re: LDAP Members in group Issue https://live.paloaltonetworks.com/t5/general-topics/ldap-members-in-group-issue/m-p/523763#M108438 <P>It seems as if I solved my own laziness..</P> <P>I originally cloned an existing rule, and modified it..</P> <P>When I started a new&nbsp; rule using the group , it now works..</P> Sat, 10 Dec 2022 16:17:42 GMT https://live.paloaltonetworks.com/t5/general-topics/ldap-members-in-group-issue/m-p/523763#M108438 SteveHolzman 2022-12-10T16:17:42Z