I'm struggling thinking how i can do this. I've implemented SSL Decryption in the Palo Alto FW and i just tried with two IP's with a succesful result.
Now i would like to open the range. I want to apply that decryption rule to an OU of my domain but i don't know how to do it. Well, actually, i don't know if it's possible.
So, the thing is just to apply that rule to a group of users that i want to keep doing tests and i can't do it with IP addresses because we have DHCP deployed.
Can someone help me?
Thank you in advance.
This can help you I think 🙂
Did you correctly configure Group Mappings at Device > User Identification > Group Mapping Settings ?
Thank you Kiwi. I think i didn't explain myself well haha.
I know i can define some source users, i already have some of then. My question is:
If for example i want the users of an OU of my AD and they are 200 users, ¿Do i have to put those 200 users manually? Because i think i can't use groups from my domain.
And in the future i would like to open it for the rest of users of my company and the problem is that if i do it with subnets, i'll have devices without the CA cert and those will have problems probably.
Anyway, thank you for help!!
The screenshot might be misleading ... "Source users" doesn't mean you have to add each user individually 🙂
As Otakar mentioned you can create AD groups and use those in your decryption policy.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!