03-14-2021 02:38 PM
Hello!
I'm studying for the PCNSA; may I ask you a question about a security policy?
Could the "it" group in that policy be a RADIUS group imported on the FW?
Or could there be another way to map users to a group?
PS:
It would be very useful if Palo Alto offered a free VM lab to test what we are learning. Does anyone know if one has already been provided?
Many thanks
Ale
03-16-2021 04:14 AM
Hi @alessandroco ,
There are two ways to use users and user groups in policy:
- Local database: You can create the users (username and password) locally on the firewall and then create user groups, again locally. After that, in your security rule you can refer to individual local users or to the local user group. Local users and groups are configured under Device -> Local User Database.
- Group Mapping: Unfortunately, currently only LDAP is supported. So if you have Active Directory, the firewall will use LDAP to query the AD and "extract" all user groups that you have already created in the AD (you can set some filters and limit the groups that the firewall will query, but by default the FW will try to collect them all).
So, to answer your question - No, user group information cannot be collected over RADIUS. You need LDAP to gather group membership information (which user is a member of which group).
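To make the difference between the two options concrete, here is an added Python example (it is not from the post above and not Palo Alto code). Against a constructed LDAP directory snapshot it simulates what a group-mapping profile does: identify user and group objects by object class, read members via a member attribute, optionally restrict the pull with an include list, and then evaluate a rule whose source user is a group. The local-database alternative is shown beside it. The attribute names (objectClass, sAMAccountName, member), the include-list knob, and all DNs under dc=example,dc=com are assumptions chosen for illustration.

```python
"""Added example: simulate PAN-OS-style user/group resolution for a policy rule.
Attribute names and DNs below are assumptions, not taken from the thread."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed LDAP snapshot (DN -> attributes), as an LDAP search would return it.
DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "cn=alice,ou=users,dc=example,dc=com": {
        "objectClass": ["person"], "sAMAccountName": ["alice"]},
    "cn=bob,ou=users,dc=example,dc=com": {
        "objectClass": ["person"], "sAMAccountName": ["bob"]},
    "cn=carol,ou=users,dc=example,dc=com": {
        "objectClass": ["person"], "sAMAccountName": ["carol"]},
    "cn=it,ou=groups,dc=example,dc=com": {
        "objectClass": ["group"],
        "member": ["cn=alice,ou=users,dc=example,dc=com",
                   "cn=bob,ou=users,dc=example,dc=com"]},
    "cn=finance,ou=groups,dc=example,dc=com": {
        "objectClass": ["group"],
        "member": ["cn=carol,ou=users,dc=example,dc=com"]},
}

# Option 1 from the answer: users and groups defined locally on the firewall.
# (Passwords omitted; only membership matters for policy matching.)
LOCAL_GROUPS: Dict[str, Set[str]] = {"it": {"ale"}}


@dataclass
class GroupMapping:
    """Option 2: the knobs of an LDAP group-mapping profile (assumed names).
    An empty group_include_list means 'collect every group', the default."""
    group_object_class: str = "group"
    group_member_attr: str = "member"
    user_object_class: str = "person"
    user_name_attr: str = "sAMAccountName"
    group_include_list: List[str] = field(default_factory=list)

    def resolve(self, directory: Dict[str, Dict[str, List[str]]]) -> Dict[str, Set[str]]:
        """Return {group_dn: {usernames}} as the firewall would cache it."""
        include = {dn.lower() for dn in self.group_include_list}
        # Map user DNs to usernames via the configured user class/attribute.
        dn_to_user = {
            dn.lower(): attrs[self.user_name_attr][0]
            for dn, attrs in directory.items()
            if self.user_object_class in attrs.get("objectClass", [])
        }
        mapping: Dict[str, Set[str]] = {}
        for dn, attrs in directory.items():
            if self.group_object_class not in attrs.get("objectClass", []):
                continue
            if include and dn.lower() not in include:
                continue  # group excluded by the include list
            members = {dn_to_user[m.lower()]
                       for m in attrs.get(self.group_member_attr, [])
                       if m.lower() in dn_to_user}  # ignore non-user members
            mapping[dn.lower()] = members
        return mapping


def rule_matches_user(rule_group: str, username: Optional[str],
                      groups: Dict[str, Set[str]]) -> bool:
    """A rule whose source user is a group matches only when User-ID has already
    mapped the source IP to a username AND that user is in the cached group."""
    if username is None:  # no IP-to-user mapping: a group-based rule cannot match
        return False
    return username in groups.get(rule_group.lower(), set())


if __name__ == "__main__":
    ldap_groups = GroupMapping().resolve(DIRECTORY)
    print("LDAP mapping:", ldap_groups)
    print("alice in it:", rule_matches_user("cn=it,ou=groups,dc=example,dc=com", "alice", ldap_groups))
    print("ale in local it:", rule_matches_user("it", "ale", LOCAL_GROUPS))
```

The include-list check is the practical point: with the default (empty) list the profile pulls finance as well as it, so limiting the list to the DNs your rules actually reference keeps the query and the cached membership small. The rule helper also shows why a group-based rule silently fails to match traffic from an IP that User-ID has not mapped to a user.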