This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

User Groups Seen as Users in Security Policy and new users added to that group are not getting identified.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

User Groups Seen as Users in Security Policy and new users added to that group are not getting identified.

Gururaj
L4 Transporter

‎12-10-2013 05:32 AM

Hi All,

Model- 2050  and PANOS- 5.0.6

In security policies groups are showed as a single user and any new user added to that group are not getting identified by the PaloAlto firewall. In source user column in policy showing single user icon instead group icon. But existing users in group are getting identified ( this issue is only for newly added users )

I verified using below commands and it seems everything is fine.

#show rulebase security rules test_rule          -----Showed source user as "xyz\test_group" ( group which i have used in security policy )

>show user group name xyz\test_group          ------Showed all the users in that group including newly added users.

>debug user-id refresh group mapping all       -------- Given message that refresh is successful.

But still device is not identifying those newly added users in group   ( still showing single user icon in source user column )

regards,

Gururaj

Labels:
0 Likes Likes
4 REPLIES 4

tasonibare
L3 Networker

‎12-10-2013 12:32 PM

Gururaj,

How are you configuring the group in the security policy? Do you get a drop down list of groups or you manually enter the group information?

If you are manually adding the group in security policy, try adding the long format (cn=test_group,ou=xyz...) and see if that makes a difference.

You might also want to try resetting the group mapping as well:

> debug user-id reset group-mapping all

Regards,

tasonibare

Gururaj
L4 Transporter
In response to tasonibare

‎12-10-2013 09:49 PM

Hi tasoni,

Thank you for suggestion,..

Yes, i have selected group from drop down list.

I have tried by refreshing the group-mapping

OK, let me to check it by resetting group-mapping

Regards,

Gururaj

0 Likes Likes

cfnavarra
L2 Linker

‎12-11-2013 12:30 AM

You could try to re-establish the mapping when the problem occurs.

#debug software restart user-id

0 Likes Likes

dpalani
L3 Networker

‎12-12-2013 10:51 AM

Try adding the distinguished name of the group in the security policy, the firewall will identify the short name and populate it automatically with the correct group icon.

Deepak

  • 3351 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks