06-24-2021 04:41 PM
I am unable to find the User group under user column in the Firewall Policy Tab and i see that the User Id agents are connected to the Firewall but when i do the same Search under the Group Inclusion List i see the Group in that Tab. I was wondering what is happening in the User Id tab in the Policy tab as the AD group not showing up
06-26-2021 03:14 AM
May I ask some additional questions regarding your issue:
06-28-2021 09:30 AM
Thank you @Remo for Looking at it
Here is the answers for the Questions
Do you use panorama for this configuration or are you talking about the group not showing up locally on the firewall?
Yes we user Panorama for this Configuration. No i am talking about the AD Group not showing in User Tab in Policies
I see the group in the Group Include list where we setup the Group Mappings in the Panorama but the same group will not appear in the User Tab when i am Creating Policy.
What hardware and PAN-OS version do you use and if it is one of the bigger firewalls do you use multi-vsys
PAN-OS Version- 9.0.11
Firewall Hardware-PA-5250
Yes it is Multi-Vsys
Do you see the group in the search list of the included groups tab or did you add these groups to the list of imported groups?
Yes correct I see them in Group Include List but will not appear when in User Tab in Polices
I followed the following troubleshooting steps
1) I added the Group in the Include where i was able to see the group then i went to the command line and did a debug Refresh command to see the Group will appear. The command used for Refresh
debug user-id refresh group-mapping group-mapping-name
2)I removed the Group from that list and then executed the Debug Refresh command again i was unable to find that group in the User Tab in Policies
If you added the groups to the included groups, did you commit the configuration?
Yes i did commit the configuration
Did you check in CLI if the group is imported and if there are users in it?
Yes in the command line when i check for all groups it shows up but if i check for Particular group it will not show up
show user group-mapping state Group-Name
06-28-2021 10:00 AM
In this case I have another question: did you set a master device in the device group?
(Step 7 on this link: https://docs.paloaltonetworks.com/panorama/9-0/panorama-admin/manage-firewalls/manage-device-groups/... )
06-28-2021 10:07 AM
Yes i did for that firewall by following the steps
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
