07-23-2018 01:53 AM
We have configured Global Protect VPN. We are trying to configure specific user/user groups under Global Protect Gateway in AGENT config on Panorama server. Unfortunately, we are not able to see any user ids/user groups under drop down list. But we can see list locally on firewall.
Need your help.
01-05-2023 02:26 PM - edited 01-05-2023 02:28 PM
Check under "Monitor > GlobalProtect" in what format gateway sees username.
You can use all 3 for testing:
For group you can also test full LDAP path that you can get from domain controller command prompt with command like:
dsquery group -name "VPN Users"
05-03-2023 04:28 AM
Same issue and here is the response from Tech Support. We went over the configuration, and everything appears to be in order. We talked about how Panorama doesn't automatically populate user-group information for any references in the Template.
As I explained, that it worked in security policy doesn't mean it should automatically work in Global Protect as, according to the backend engineers, the device group and the templates are two different functional variables (from the backend coding).
As a result, we're unable to auto-populate user group mapping from CIE in Panorama GUI for Portal Agent config selection criteria under Global Protect portal settings, or for gateway client-settings under Global Protect Gateway settings.
This is expected behavior, and we'll need to manually input the user group when the configuration is pushed from Panorama. We also noted that there's a feature request for this capability, identified by ID 8467 (FR-8467).
Please don't hesitate to contact your account team to vote for the feature request on your behalf.
Nott going to be fixed soon. Will need to add manually until FR is accepted.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!