User Groups Seen as Users in Security Policy and new users added to that group are not getting identified.

L4 Transporter

Hi All,

Model: 2050 and PANOS: 5.0.6

In security policies, groups are shown as a single user, and any new users added to that group are not getting identified by the Palo Alto firewall. The source user column in the policy shows a single-user icon instead of the group icon. But existing users in the group are getting identified (this issue is only for newly added users).

I verified using the commands below and it seems everything is fine.

# show rulebase security rules test_rule  -- showed the source user as "xyz\test_group" (the group which I have used in the security policy)

> show user group name xyz\test_group  -- showed all the users in that group, including the newly added users

> debug user-id refresh group-mapping all  -- gave a message that the refresh was successful

But the device is still not identifying those newly added users in the group (still showing a single-user icon in the source user column).

Regards,

Gururaj

L3 Networker

Re: User Groups Seen as Users in Security Policy and new users added to that group are not getting identified.

Gururaj,

How are you configuring the group in the security policy? Do you get a drop-down list of groups, or do you manually enter the group information?

If you are manually adding the group in security policy, try adding the long format (cn=test_group,ou=xyz...) and see if that makes a difference.

You might also want to try resetting the group mapping as well:

> debug user-id reset group-mapping all

Regards,

tasonibare

L4 Transporter

Re: User Groups Seen as Users in Security Policy and new users added to that group are not getting identified.

Hi tasoni,

Thank you for the suggestion.

Yes, I have selected the group from the drop-down list.

I have tried refreshing the group-mapping.

OK, let me check it by resetting the group-mapping.

Regards,

Gururaj

L2 Linker

Re: User Groups Seen as Users in Security Policy and new users added to that group are not getting identified.

You could try to re-establish the mapping when the problem occurs.

#debug software restart user-id

L3 Networker

Re: User Groups Seen as Users in Security Policy and new users added to that group are not getting identified.

Try adding the distinguished name of the group in the security policy; the firewall will identify the short name and populate it automatically with the correct group icon.

Deepak
