Adding Users to a Security Policy

I have agentless User-ID setup on my PA-500 (Software is 5.0.4).  I can do the command "show user ip-user-mapping all" and see a list of user accounts associated with IP addresses (not all of them in the domain, but I'm assuming that it's just what has been seen through the Security Logs on the domain controllers).  I've set up the Group Mappings as well.

However, my question is when I go to configure a security policy and choose the User field and click Add, a prepopulated list comes up with the groups I've selected in Group Mapping, but none of the user accounts that I can see in the "show user ip-user-mapping all" list.  Are the individual user accounts supposed to be showing up in the prepopulated list when going to add users to a security policy?

Accepted Solutions

L4 Transporter

The drop down is only populated with groups configured in the group mapping configuration.

Ok, so I have to manually type in a username then.  As long as I know it's supposed to work that way, thanks.

The drop down list is populated from the LDAP server configuration.  The User-ID Agent just builds the user to IP mapping. 

As for the drop-down list showing names, it should auto-populate with usernames even if you haven't explicitly included groups.  However if you want to use Groups in policy you need to include them.  If the names aren't showing up it's either the browser or the LDAP connection but the drop-down list should show usernames without groups.
