09-25-2019 03:22 AM
Hi,
I am trying to configure user-id based authentication in Palo Alto 5220 (Pan OS 9.0.2). I have integrated Palo Alto with AD using LDAP profile. I am not able to add the AD groups in the "Group Include" list as they are not being listed in the GUI. I am using panorama to manage the firewall. However, i am able to view the groups in CLI of the firewall if i give the command "show user group list" lists all the AD groups in CLI. Also, i am able to view the "user-ip" mapping in CLI. However, i am not able to select groups in GUI under "Group mapping" and security policies. Please suggest.
09-25-2019 04:06 AM
@MGRashmi , Hi.
In Panorama you need to list a "Master Device" at the bottom of your device group page.
09-25-2019 04:47 AM
Hi,
Thanks for your response. Master device is already mentioned in the Panorama, still the group list is empty.
09-25-2019 05:31 AM
I think the group mapping stuff is only visible if they were already active when imported to Panorama.
if you are adding groups from scratch you may need to follow this.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIOCA0
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
