For details on cookie usage on our site, read our Privacy Policy
Restrict VPN access to AD group
- LIVEcommunity
- Discussions
- General Topics
- Restrict VPN access to AD group
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Restrict VPN access to AD group
- Mark as New
- Subscribe to RSS Feed
- Permalink
02-06-2012 02:43 PM
Hi,
I want to give a VPN ipsec access to a group of users.
In GlobalProtect Portal | Client Configuration, I set the AD group in Source User.
My problem : all the users in the AD OU have access to the VPN despite they're not in the group.
I must have missed something ...
Someone already had this issue ?
Thanx.
- Mark as New
- Subscribe to RSS Feed
- Permalink
02-07-2012 08:34 PM
Hi...When you define the Authentication Profile, you would select the desired AD group(s) under the 'Allow List'. You then set Global Protect to use this auth profile and only those users in these group will be permitted.
Thanks.
- Mark as New
- Subscribe to RSS Feed
- Permalink
02-08-2012 03:03 AM
Hi,
In Authentication Profile, under the 'Allow List', I can't see my AD groups.
I’ve tried to manually enter the group name but it doesn't work.
In User Identification | Group Mapping, I've been able to include all the AD groups I want to use. And I can see these groups in GlobalProtect Portal | Client Configuration | Source User.
Thanx
- Mark as New
- Subscribe to RSS Feed
- Permalink
02-08-2012 03:06 AM
Hi,
In Authentication Profile, under the 'Allow List', I can't see my AD groups.
I’ve tried to manually enter the groups but it doesn’t work.
In User Identification | Group Mapping, I've been able to include all the AD groups I want to use. And I can see these groups in GlobalProtect Portal | Client Configuration |Source User.
Thanx
- Mark as New
- Subscribe to RSS Feed
- Permalink
02-08-2012 07:07 AM
Within the Authentication Profile, please make sure you set the authentication=LDAP and set the Server Profile=LDAP server.
Also, what version of PAN-OS are you running?
- GlobalProtect agent external gateway region restriction - portal still accessible in GlobalProtect Discussions
- URL Filtering is not working for Global Protect users in Next-Generation Firewall Discussions
- How to configure multiple global protect portals and gateways in GlobalProtect Discussions
- Bootstrap VM-series AWS firewalls not showing in Panorama in VM-Series in the Public Cloud
- Enforcing Global Protect only on remote sessions in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
