I've an issue on the PANOS 6.0.3
about enumaration of user or group in a security policy
I have to use the complete ldap syntax to found the user in the user source column
and when i tried to browse directly with the select menue
I obtain this
loading but nothing appear
anybody have this issue?
Solved! Go to Solution.
You can refer to this document:
-Also you can check if the Device>User Identification>Group Mapping Settings>Select the profile>Group Include list, if it is properly pulling the group information and if you have correct groups in the include list(if any).
-You can also try by creating a new group mapping profile to see if that fixes the issue.
-You haven't mentioned if its in panorama or local device. If its panorama, make you have properly selected the master device in the device group because that's where panorama pulls group info from that selected master device.
In the box type "cn=", it will pull all the groups. Basically you have to type something.
If you leave it blank than it takes more time to populate list. Which depends on management CPU of the box.
Same with the user name, you have to type user name in the box, It will pull the CN name. User name will never be auto populated like group names. You have to type something. Its by design.
Please check if the user groups are being pulled in the CLI:
>show user group list
If it shows up there, it could be a GUI glitch. Try a different browser.
Before that make sure you can see them in CLI with following command.
>show user group list
If it lists group than, I would suggest to restart management server once and see if that helps.
debug software restart management-server.
If that doesnt help than you might think of configuration changes.
I downgrade the PANOS in 6.0.2 and it works just after. think if I just resart the management plane it could be works. typicaly it looks like a delay to enumerate the user and group when i tried to add a user or group in a security policy.
the command show user group -list work's, in panOS 6.0.3 and no specific entry in the release note about this.
thank you very much for all
and sorry for delay to answer.
I am glad issue is resolved finally. Release note may not have any detailed about this because it may not be a bug. And simple resource utilization issue.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!