Globalprotect vpn access permissions

Reply
Highlighted
L4 Transporter

Globalprotect vpn access permissions

I want to give different access permission to different group when they access the network using the globalprotect vpn client. I have it configured but its now allowing me to pick the specific group that I want the access for

L0 Member

Re: Globalprotect vpn access permissions

Navigate to Device > User Identification > Group Mapping and add the group that you want in the Group Include List. You can use the User-ID agent installed on the server as an LDAP proxy or manually configure an LDAP server.

Highlighted
L4 Transporter

Re: Globalprotect vpn access permissions

I tried to do that but the group I wanted to add didn't show up as a choice. so if there are no groups chose does that mean nothing from ad is being used?

Highlighted
L0 Member

Re: Globalprotect vpn access permissions

You can verify that its working correctly by using the command in the CLI as an example

show user group list

show user group name "test\test test"      

Highlighted
L0 Member

Re: Globalprotect vpn access permissions

Like the dropdown list doesn't show all the groups? You may have to just filter it in the top portion or add it via cli.

Highlighted
L4 Transporter

Re: Globalprotect vpn access permissions

What do you mean by working correctly? What am I going to see?

Highlighted
L4 Transporter

Re: Globalprotect vpn access permissions

But this seems to only apply to security groups you can't use an ou group

Highlighted
L4 Transporter

Re: Globalprotect vpn access permissions

I think the user group that I need it to read from is the users container in ad

Highlighted
L0 Member

Re: Globalprotect vpn access permissions

https://live.paloaltonetworks.com/docs/DOC-4994

I found this document that might be helpful, not sure why you're not seeing the proper group but you might be correct. We only use security groups for this since they are purpose built in our organization so it works out well.

Highlighted
L4 Transporter

Re: Globalprotect vpn access permissions

The guy you originally configured it set it to try to look at an OU, when I changed it to look at a security group then it worked

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!