https://live.paloaltonetworks.com/t5/general-topics/blocking-machines-from-ad-group/m-p/30618#M22408 <HTML><HEAD></HEAD><BODY><P>this whould be a really nice feature. i've only seen that on my checkpoint systems, appliances from CS or BC are missing that feature too.</P></BODY></HTML> Tue, 15 Jan 2013 08:05:48 GMT skemena 2013-01-15T08:05:48Z https://live.paloaltonetworks.com/t5/general-topics/blocking-machines-from-ad-group/m-p/30615#M22405 <HTML><HEAD></HEAD><BODY><P>Is it possible to block outgoing traffic, from an active-directory group containing machines?</P><P>blocking traffic by username works fine, but i want to use the machine ad group rather than entering all machines by fqdn or ip in an address group of objects on my pa.</P><P></P><P></P><P>i'm using a pa-3020 on pan-os 5.0.1</P><P></P><P></P><P>thanks</P></BODY></HTML> Mon, 14 Jan 2013 09:28:10 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-machines-from-ad-group/m-p/30615#M22405 skemena 2013-01-14T09:28:10Z https://live.paloaltonetworks.com/t5/general-topics/blocking-machines-from-ad-group/m-p/30616#M22406 <HTML><HEAD></HEAD><BODY><P>This is not possible as user-ip-mapping is done only for Active directory users and not the for the Computers. So it is not possible to block the traffic from machines in an AD group.</P></BODY></HTML> Mon, 14 Jan 2013 17:55:27 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-machines-from-ad-group/m-p/30616#M22406 sdurga 2013-01-14T17:55:27Z https://live.paloaltonetworks.com/t5/general-topics/blocking-machines-from-ad-group/m-p/30617#M22407 <HTML><HEAD></HEAD><BODY><P>What do you think is the probability to see this in future or is there perhaps already an active request for enhancement available?</P><P></P><P>Because it would be really nice if one could combine userid and machineid when setting up rules.</P></BODY></HTML> Mon, 14 Jan 2013 19:33:59 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-machines-from-ad-group/m-p/30617#M22407 mikand 2013-01-14T19:33:59Z https://live.paloaltonetworks.com/t5/general-topics/blocking-machines-from-ad-group/m-p/30618#M22408 <HTML><HEAD></HEAD><BODY><P>this whould be a really nice feature. i've only seen that on my checkpoint systems, appliances from CS or BC are missing that feature too.</P></BODY></HTML> Tue, 15 Jan 2013 08:05:48 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-machines-from-ad-group/m-p/30618#M22408 skemena 2013-01-15T08:05:48Z https://live.paloaltonetworks.com/t5/general-topics/blocking-machines-from-ad-group/m-p/393263#M90997 <P>Crap this thread is from 2013 and Palo appears to still not be able to map AD Machines for use?</P><P>That is going to make this migration from CheckPoint a lot more work and completely change our processes for allowing the help desk to take care of server internet access requests without the network group needing to be involved! <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P><P>&nbsp;</P><P>Honestly I am not sure why this hasn't been done as the CheckPoint Identity Collector gathers AD security the same way as the Palo Windows User-ID Agent is... CheckPoint gets the needed information and is it able to do AD Machine mappings so Machines and Machine Groups can be used in access policies.</P><P>&nbsp;</P><P>Shouldn't the Palo User-ID Agent be capable of the same?</P> Wed, 24 Mar 2021 12:59:51 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-machines-from-ad-group/m-p/393263#M90997 DIEHARD 2021-03-24T12:59:51Z https://live.paloaltonetworks.com/t5/general-topics/blocking-machines-from-ad-group/m-p/405382#M91999 <P>Could you also please provide me any documentation on which I can divert the traffic from a group of users in Active Directory to a specific network.</P><P>&nbsp;</P><P>We have two internet connection and I am trying to splitting the group of users in Active Directory to different internet connection.</P> Fri, 07 May 2021 02:34:13 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-machines-from-ad-group/m-p/405382#M91999 ChaffeySC 2021-05-07T02:34:13Z