I have some questions regarding on how to block URL category and by user group.
the box is PA-2020 and when I block the social-networking with the source user is by group it wont work.
When i look on the CLI the user group is <XXXX>.org but on the gui of the paloalto under user it only appears different group YYYY.org
box configuration is active-untrust and passive-untrust, set as Vwire.
box has also a proxy server, so they also have a proxy-untrust and proxy-trust, also configured as Vwire.
Are you saying the LDAP user group in the CLI is different than the GUI? If so, I suggest you open a case with support.
You can also check the traffic log to see which rule is matching the user to help isolate the problem. You may want to write a rule to match on the username (instead of LDAP group) to see if that work.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!