Palo Alto Admin GUI access using LDAP/AD


Goal:

Only AD users in the AD group "Firewall Admins" can log in to the Palo Alto GW as Superuser.


Domain: pa.local
Group: Firewall Admins
User: fwadmin1

The user account used to query AD is called "ldap".





1. Create LDAP Server Profile

Device > Server Profiles > LDAP



2. Create AD group mapping

Device > User Identification




3. Create Authentication Profile

Device > Authentication Profile






4. Add an administrator with the same name as the AD username

Device > Administrators
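
Before testing the GUI login, it helps to confirm that the "ldap" query account can actually see fwadmin1 as a member of "Firewall Admins", since the four steps above depend on that lookup. The script below is an added example, not part of the original post; the domain controller host name, the use of LDAPS, and the group sitting under CN=Users are assumptions to adjust for your directory.

```shell
#!/bin/sh
# Added example: pre-check of the AD lookup the firewall configuration relies on.
# Assumed values (not on the page): DC host name, LDAPS on 636, group in CN=Users.
LDAP_URI="${LDAP_URI:-ldaps://dc1.pa.local:636}"   # hypothetical DC name
BIND_UPN="ldap@pa.local"                           # query account from the page
GROUP_RDN="CN=Firewall Admins,CN=Users"            # container is an assumption

# Turn a DNS domain into an LDAP base DN: pa.local -> DC=pa,DC=local
domain_to_base_dn() {
  printf '%s' "$1" | sed -e 's/\./,DC=/g' -e 's/^/DC=/'
}

# Escape search-filter metacharacters (RFC 4515) so a user name or DN
# cannot change the structure of the filter.
ldap_escape() {
  printf '%s' "$1" |
    sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Filter that matches only if the user is a direct member of the group.
build_filter() {
  printf '(&(objectClass=user)(sAMAccountName=%s)(memberOf=%s))' \
    "$(ldap_escape "$1")" "$(ldap_escape "$2")"
}

# Bind as the query account (-W prompts, so the password never lands in
# shell history) and succeed only if exactly such an entry is returned.
check_admin() {
  base=$(domain_to_base_dn pa.local)
  filter=$(build_filter "$1" "$GROUP_RDN,$base")
  ldapsearch -x -LLL -H "$LDAP_URI" -D "$BIND_UPN" -W -b "$base" "$filter" dn |
    grep -q '^dn:'
}

# Run the live check only when asked: ./check.sh --check fwadmin1
if [ "${1:-}" = "--check" ]; then
  user="${2:-fwadmin1}"
  if check_admin "$user"; then
    echo "$user is visible to $BIND_UPN as a member of Firewall Admins"
  else
    echo "$user not found in Firewall Admins (or bind failed)" >&2
    exit 1
  fi
fi
```

A failure here points at the directory side (bind credentials, base DN, or group membership) rather than at the firewall profiles.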











====== Old ======

1. Create LDAP Server Profile



2. Create an Authentication Profile


3. Create an administrator account with the same name as the AD username.






