User-ID Agent AD Group Limitation?

Showing results for 
Search instead for 
Did you mean: 

User-ID Agent AD Group Limitation?

L3 Networker


Digging around in the various docs I've found I can't seem to find an answer to this question so I'll ask here..

I'm curious if there is a limit on the number of AD groups per user that the Agent can handle? I'm worried we might run into some limitation cause our group situation is really out of control with no fix in sight..




L4 Transporter

There is no known limit for the number of groups a user can belong to. However, if the user belongs to multiple groups and they are each referenced in the same policy etc. the user will be pulled from the first group the system finds them in. Read top down

There may be delay issues when reading multiple groups or multi tiered/ nested groups because the responss are expected within a certain amount of time - though in principal there is no limit to the number of groups a user may belong to

L3 Networker

repeating what sjamaluddin stated there is no known limit for the number of groups a user can belong to.

Here is a paltform capacity for User ID Agent

Maximum number of pan-agents per vsys: 100

Maximum number of pan-agents per platform: 100

Maximum number of groups that can be defined in policies per vsys: 640

If you need additonal informaiton please contact support or local SE for additional information.

Ok, good things to know!



Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!