Globalprotect vpn access permissions

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Globalprotect vpn access permissions

L4 Transporter

I want to give different access permission to different group when they access the network using the globalprotect vpn client. I have it configured but its now allowing me to pick the specific group that I want the access for

9 REPLIES 9

L0 Member

Navigate to Device > User Identification > Group Mapping and add the group that you want in the Group Include List. You can use the User-ID agent installed on the server as an LDAP proxy or manually configure an LDAP server.

L4 Transporter

I tried to do that but the group I wanted to add didn't show up as a choice. so if there are no groups chose does that mean nothing from ad is being used?

You can verify that its working correctly by using the command in the CLI as an example

show user group list

show user group name "test\test test"      

Like the dropdown list doesn't show all the groups? You may have to just filter it in the top portion or add it via cli.

What do you mean by working correctly? What am I going to see?

But this seems to only apply to security groups you can't use an ou group

I think the user group that I need it to read from is the users container in ad

https://live.paloaltonetworks.com/docs/DOC-4994

I found this document that might be helpful, not sure why you're not seeing the proper group but you might be correct. We only use security groups for this since they are purpose built in our organization so it works out well.

The guy you originally configured it set it to try to look at an OU, when I changed it to look at a security group then it worked

  • 4989 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!