Palo Alto Firewall AD Group Mapping

September 29, 2014

These commands will help troubleshoot and resolve issues with Active Directory groups on your PAN firewall.

1. Shows every AD group added to the PAN firewall:

show user group list

2. Shows the user-to-IP address mappings (for all users or a specific user):

show user ip-user-mapping all

3. Gives more detailed statistics of the command above:

show user group-mapping state all

4. Shows the user members of the group specified:

show user group name "group_name"

5. Re-pulls the user-to-group mapping from AD:

debug user-id reset group-mapping all

6. Refreshes all user-to-IP mappings:

debug user-id refresh user-id agent all

7. Restarts the user-id service (this command is usually not needed):

debug software restart user-id