User/Group based policy questions


I have a need to configure user/group based policy. I am having difficulties with the same and have multiple questions. I hope someone will help me with the configuration.

1. We push all our policies from Panorama. Can I configure user/group based policy on Panorama and push to all firewalls?

2. I have pushed the LDAP config from Panorama to all firewalls. Can I use the same in group mapping?

3. Do I need to configure group mapping before using the group or users in that group in the policy?

4. I have a scenario wherein I have configured a local LDAP profile along with the Panorama pushed one. Although I can browse the group and create the group mapping, I cannot find any users which are part of that group from the CLI.

5. I have also found out that PA firewalls have an issue browsing distribution groups. It can find security groups in Active Directory without any problem. Did anyone come across the same or know this limitation?

I already have a support case open; however, there is no resolution yet.

Thanks in advance.

