Adding Users to a Security Policy

Reply
Not applicable

Adding Users to a Security Policy

I have agentless User-ID setup on my PA-500 (Software is 5.0.4).  I can do the command "show user ip-user-mapping all" and see a list of user accounts associated with IP addresses (not all of them in the domain, but I'm assuming that it's just what has been seen through the Security Logs on the domain controllers).  I've set up the Group Mappings as well.

However, my question is when I go to configure a security policy and choose the User field and click Add, a prepopulated list comes up with the groups I've selected in Group Mapping, but none of the user accounts that I can see in the "show user ip-user-mapping all" list.  Are the individual user accounts supposed to be showing up in the prepopulated list when going to add users to a security policy?

L4 Transporter

Re: Adding Users to a Security Policy

The drop down is only populated with groups configured in the group mapping configuration.

Not applicable

Re: Adding Users to a Security Policy

Ok, so I have to manually type in a username then.  As long as I know it's supposed to work that way, thanks.

Highlighted
L4 Transporter

Re: Adding Users to a Security Policy

The drop down list is populated from the LDAP server configuration.  The User-ID Agent just builds the user to IP mapping. 

As for the drop-down list showing names, it should auto-populate with usernames even if you haven't explicitly included groups.  However if you want to use Groups in policy you need to include them.  If the names aren't showing up it's either the browser or the LDAP connection but the drop-down list should show usernames without groups.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!