The User Id tab is not able to detect the AD group, but the Group Include List shows the group


L1 Bithead

I am unable to find the user group under the User column in the Firewall Policy tab. I see that the User Id agents are connected to the firewall, but when I do the same search under the Group Inclusion List, I see the group in that tab. I was wondering what is happening in the User Id tab in the Policy tab, as the AD group is not showing up.

Cyber Elite

Hi @Navaneeth1332 

May I ask some additional questions regarding your issue:

  • Do you use Panorama for this configuration or are you talking about the group not showing up locally on the firewall?
  • What hardware and PAN-OS version do you use, and if it is one of the bigger firewalls, do you use multi-vsys?
  • Do you see the group in the search list of the included groups tab or did you add these groups to the list of imported groups?
  • If you added the groups to the included groups, did you commit the configuration?
  • Did you check in CLI if the group is imported and if there are users in it?

Thank you @vsys_remo for looking at it.

Here are the answers to the questions:

Do you use panorama for this configuration or are you talking about the group not showing up locally on the firewall?
Yes, we use Panorama for this configuration. No, I am talking about the AD group not showing in the User tab in Policies.

I see the group in the Group Include List where we set up the group mappings in Panorama, but the same group will not appear in the User tab when I am creating a policy.

What hardware and PAN-OS version do you use, and if it is one of the bigger firewalls, do you use multi-vsys?
PAN-OS Version- 9.0.11

Firewall Hardware-PA-5250

Yes, it is multi-vsys.

Do you see the group in the search list of the included groups tab or did you add these groups to the list of imported groups?
Yes, correct. I see them in the Group Include List, but they will not appear in the User tab in Policies.

I followed the following troubleshooting steps:

1) I added the group in the Include list, where I was able to see the group. Then I went to the command line and ran a debug refresh command to see whether the group would appear. The command used for the refresh:

debug user-id refresh group-mapping group-mapping-name

2) I removed the group from that list and then executed the debug refresh command again. I was unable to find that group in the User tab in Policies.

If you added the groups to the included groups, did you commit the configuration?
Yes, I did commit the configuration.

Did you check in CLI if the group is imported and if there are users in it?
Yes. In the command line, when I check for all groups it shows up, but if I check for a particular group it will not show up.

show user group-mapping state Group-Name

Hi @Navaneeth1332 

In this case I have another question: did you set a master device in the device group?

(Step 7 on this link: https://docs.paloaltonetworks.com/panorama/9-0/panorama-admin/manage-firewalls/manage-device-groups/... )

Yes, I did for that firewall by following the steps.
