Palo Alto Firewall AD Group Mapping

These commands will help troubleshoot and resolve issues with AD groups on your PAN device.

  1. show user group list
    1. Shows every AD group added to the PAN firewall
  2. show user ip-user-mapping all (or specific user)
    1. Shows the user and IP address mapping
  3. show user group-mapping state all
    1. Gives more detailed statistics of the command above
  4. show user group name “???”
    1. Shows the user members of the group specified
  5. debug user-id reset group-mapping all
    1. Re-pulls the user-to-group mapping from AD
  6. debug user-id refresh user-id agent all
    1. Refreshes all user-to-IP mappings
  7. debug software restart user-id (this command is usually not needed)
    1. Restarts the user-id service

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s