https://live.paloaltonetworks.com/t5/general-topics/use-wildcard-in-user-group-based-policy/m-p/139552#M48134 <P>Hi Andrea,</P><P>&nbsp;</P><P>If you're using the syslog method for your user mapping then I believe that you can't use group mapping with this method. If you want to configure group mapping then you'll need to be using a directory service such as Active Directory or eDirectory.</P><P>&nbsp;</P><P>Check the Group Mapping document for more info and how you can enable this in your network.</P><P>&nbsp;</P><P><A href="https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/user-id/user-id-concepts#33876" target="_blank">https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/user-id/user-id-concepts#33876</A></P><P>&nbsp;</P><P>A different method would be to enter a source IP range in the source field of your security policy effectively everyone in your internal network uses this rule.</P><P>&nbsp;</P><P>hope this helps,</P><P>Ben</P> Thu, 26 Jan 2017 11:47:18 GMT bmorris1 2017-01-26T11:47:18Z https://live.paloaltonetworks.com/t5/general-topics/use-wildcard-in-user-group-based-policy/m-p/139539#M48132 <P>Hi,<BR />We have a Splunk Server that sends to your id-agent (on a windows server) the information of guest users.</P><P>Now on PA We can se user@acme.com in the logs, is possbile for us create a rule for all users from acme, without define each user?</P><P>&nbsp;</P><P>So a group policy without LDAP group.</P><P>We want to set in the field "source user", something like *@acme.com.</P><P>It is possible?</P><P>&nbsp;</P><P>Regards<BR />Andrea Acampa</P> Thu, 26 Jan 2017 10:46:59 GMT https://live.paloaltonetworks.com/t5/general-topics/use-wildcard-in-user-group-based-policy/m-p/139539#M48132 AndreaAcampa 2017-01-26T10:46:59Z https://live.paloaltonetworks.com/t5/general-topics/use-wildcard-in-user-group-based-policy/m-p/139552#M48134 <P>Hi Andrea,</P><P>&nbsp;</P><P>If you're using the syslog method for your user mapping then I believe that you can't use group mapping with this method. If you want to configure group mapping then you'll need to be using a directory service such as Active Directory or eDirectory.</P><P>&nbsp;</P><P>Check the Group Mapping document for more info and how you can enable this in your network.</P><P>&nbsp;</P><P><A href="https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/user-id/user-id-concepts#33876" target="_blank">https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/user-id/user-id-concepts#33876</A></P><P>&nbsp;</P><P>A different method would be to enter a source IP range in the source field of your security policy effectively everyone in your internal network uses this rule.</P><P>&nbsp;</P><P>hope this helps,</P><P>Ben</P> Thu, 26 Jan 2017 11:47:18 GMT https://live.paloaltonetworks.com/t5/general-topics/use-wildcard-in-user-group-based-policy/m-p/139552#M48134 bmorris1 2017-01-26T11:47:18Z https://live.paloaltonetworks.com/t5/general-topics/use-wildcard-in-user-group-based-policy/m-p/139599#M48151 <P>Thanks.</P><P>your reply has been very useful.</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 26 Jan 2017 15:49:59 GMT https://live.paloaltonetworks.com/t5/general-topics/use-wildcard-in-user-group-based-policy/m-p/139599#M48151 AndreaAcampa 2017-01-26T15:49:59Z