I have agentless User-ID set up on my PA-500 (Software is 5.0.4). I can do the command "show user ip-user-mapping all" and see a list of user accounts associated with IP addresses (not all of them in the domain, but I'm assuming that it's just what has been seen through the Security Logs on the domain controllers). I've set up the Group Mappings as well.
However, my question is when I go to configure a security policy and choose the User field and click Add, a prepopulated list comes up with the groups I've selected in Group Mapping, but none of the user accounts that I can see in the "show user ip-user-mapping all" list. Are the individual user accounts supposed to be showing up in the prepopulated list when going to add users to a security policy?
The drop-down list is populated from the LDAP server configuration. The User-ID Agent just builds the user-to-IP mapping.
As for the drop-down list showing names, it should auto-populate with usernames even if you haven't explicitly included groups. However, if you want to use Groups in policy, you need to include them. If the names aren't showing up, it's either the browser or the LDAP connection, but the drop-down list should show usernames without groups.