User-ID Group Mapping not working in a security policy


L2 Linker

Hi,

I have searched and found similar posts but none seem to have a working solution for this...

I have a simple security policy to deny access to a VM located in the 'trust' zone if it matches a user in the user group created on the AD server.

I've confirmed with 'show user group name' that the firewall can indeed see the correct users in the group, but when applying that group to the deny policy I'm not getting a hit.

Any ideas?

Thanks,

18 REPLIES

Holy moly, it worked.

I added the domain in the auth profile and left the username modifier as the default.

I tried this yesterday but changed the modifier to %USERDOMAIN%/%USERINPUT% and it didn't work.

Thanks all for your help on this.

Hi

Let me know if there is a way to remove the domain name from the group mapping.

In my case:

show user group name emea.com\test

short name: emea.com\test

source type: ldap
source: test

[1 ] emea.com\test1
[2 ] emea.com\test2
[3 ] emea.com\test3

I only need from the group mapping the name "test1" or "test2" or "test3".

The reason is that I get from an external source on Palo Alto the user ID "test1" or "test2" or "test3".

The goal is to create a policy rule based on the source user being part of a domain group.

I spent hours and there is no way to understand or find the reason why Palo Alto gets "domain name + name" from LDAP group mapping.
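The `show user group name` output quoted in this post, parsed and compared against bare user IDs by a small added Python script (not Palo Alto's code and not part of the original thread); it assumes the output layout shown above and the `domain\user` / `user@domain` forms, and only strips the prefix for the comparison, so the firewall's own policy matching is unaffected.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the CLI output quoted in the post above.
SAMPLE_OUTPUT = """\
short name: emea.com\\test

source type: ldap
source: test

[1 ] emea.com\\test1
[2 ] emea.com\\test2
[3 ] emea.com\\test3
"""

@dataclass
class GroupMapping:
    short_name: str = ""
    source_type: str = ""
    source: str = ""
    members: list = field(default_factory=list)

# Member rows look like "[1 ] emea.com\test1"; the index width may vary.
MEMBER_RE = re.compile(r"^\[\s*\d+\s*\]\s+(\S+)\s*$")

def parse_group_output(text):
    """Turn the 'show user group name' text into a GroupMapping (assumed layout)."""
    group = GroupMapping()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEMBER_RE.match(line)
        if m:
            group.members.append(m.group(1))
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "short name":
            group.short_name = value
        elif key == "source type":
            group.source_type = value
        elif key == "source":
            group.source = value
    return group

def strip_domain(user_id):
    """'emea.com\\test1' -> 'test1', 'test1@emea.com' -> 'test1', 'test1' unchanged."""
    if "\\" in user_id:
        return user_id.rsplit("\\", 1)[1]
    return user_id.split("@", 1)[0]

def is_member(group, user_id):
    """Case-insensitive match ignoring the domain prefix. Caveat: same-named accounts
    in different domains collapse onto one bare name, so only use this when a single
    domain feeds the group mapping."""
    wanted = strip_domain(user_id).lower()
    return any(strip_domain(m).lower() == wanted for m in group.members)
```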

 

Hi

Could you please detail this a bit? I had a similar situation and I don't follow what your solution is, even on the original post!

Thanks!

L1 Bithead

I'm experiencing a similar situation where I'm using the internal User-ID agent and mapping to three (3) server monitor domain controllers. Recently a user was denied access, and when searching the monitor traffic I noticed that there was no user mapping associated with the traffic. However, when I search Monitor > User ID, it shows that the firewall knew of a user mapping between IP and user during that specific time.

Note: When looking at Monitor > User ID, I do notice that of the 3 server monitors, the user mapping only sources from 2 of the 3 domain controllers.

If anyone can provide some insight, this would be helpful. Thanks.
