We just recently moved to PA-500 and we are running 7.1.6. I was able to successfully add my LDAP to my group mapping however when I try to select my security groups instead of showing "Domain\GroupName" it is showing the AD distinguished name like cn=administrator,cn=users,dc=acme,dc=com. And maybe this is the reason why my url filtering security policies doesn't works.
Have you configured the Group mapping under Device->User Identification->Group Mapping?
This "cn=administrator,cn=users,dc=acme,dc=com" looks to me like a user account rather than a group(?). The best way to confirm what you are adding in the Security policy is a group is if you look at the icon to the left of the name it should show up a picture of 2 ppl for group and 1 for a user, similar to how AD shows the group and users.
Check the status on the CLI:
> show user group-mapping state all
This will show you the groups you are importing and available to use in Security policies.
Hope this helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!