Palo Alto Firewall AD Group Mapping

These commands will help troubleshoot and resolve issues with AD groups on your PAN device.

  1. show user group list
    1. Shows every AD group added to the PAN firewall
  2. show user ip-user-mapping all (or specific user)
    1. Shows the user and IP address mapping
  3. show user group-mapping state all
    1. Gives more detailed statistics of the command above
  4. show user group name “???”
    1. Shows the user members of the group specified
  5. debug user-id reset group-mapping all
    1. Re-pulls the user-to-group mapping from AD
  6. debug user-id refresh user-id agent all
    1. Refreshes all user-to-IP mappings
  7. debug software restart user-id (this command is usually not needed)
    1. Restarts the user-id service
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s