10-25-2012 09:49 AM
Can it handle nested Active Directory groups?
Security policy with a group which a user is not a direct member of. When the user tries a connection through the firewall, it checks the groups within the group (and so on).
Can it be configured how deep the nesting is checked?
06-21-2013 01:34 AM
You mean there is a group inside a group?
group1\group2\group3\group4\group5
group5 is member of all 1,2,3,4 groups
So you can write a rule for group5?
06-24-2013 05:40 AM
No, the other way around. Can I write a rule for group1 which has 2,3,4,5 as members and it applies to all of them?
06-24-2013 07:17 AM
We can authenticate users and also fetch the group mapping for users that are nested within multiple AD groups. You can also verify whether the users nested in these groups are being picked up by the firewall, from the web interface: Device tab --> User Identification --> Group Mapping Settings --> Group Include List, + box on the hierarchy being read by the firewall.
When users are nested within hierarchies of groups, you can configure the topmost hierarchy (group 1) under the policy, and it checks for all the groups nested under it to see if the user belongs under them.
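The nested lookup described in the reply above, as an added example that is not part of the thread and is not the firewall's own code: it resolves which users a rule on the topmost group would cover and records the chain of groups each user inherits through, which is useful when auditing how far a rule reaches. The directory contents, user names and the `max_depth` parameter are assumptions; the thread does not say whether the firewall exposes a depth limit.

```python
from collections import deque

# Constructed sample directory: group -> direct members (users or groups).
# Mirrors the thread's chain group1 > group2 > ... > group5; user names are made up.
DIRECTORY = {
    "group1": ["group2", "alice"],
    "group2": ["group3"],
    "group3": ["group4", "bob"],
    "group4": ["group5"],
    "group5": ["carol", "group1"],  # deliberate loop back to group1
    "group9": ["dave"],             # unrelated group
}

def effective_users(directory, top_group, max_depth=None):
    """Return {user: path} for every user reachable from top_group.

    path is the chain of groups through which the user inherits membership.
    max_depth is a hypothetical limit: 0 = direct members only, None = unlimited.
    """
    found = {}
    seen = {top_group}                      # guards against circular nesting
    queue = deque([(top_group, [top_group])])
    while queue:
        group, path = queue.popleft()
        depth = len(path) - 1
        for member in directory.get(group, []):
            if member in directory:         # member is itself a group
                if member in seen:
                    continue
                if max_depth is not None and depth >= max_depth:
                    continue
                seen.add(member)
                queue.append((member, path + [member]))
            else:
                found.setdefault(member, path)  # keep the shortest path
    return found

def rule_matches(directory, rule_group, user, max_depth=None):
    """True if a rule written for rule_group would apply to user."""
    return user in effective_users(directory, rule_group, max_depth)

if __name__ == "__main__":
    for user, path in sorted(effective_users(DIRECTORY, "group1").items()):
        print(f"{user}: {' > '.join(path)}")
```

Because of the loop from group5 back to group1 in the sample data, a rule on group5 also covers alice and bob, the kind of unintended reach this sort of audit is meant to surface.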