gurowar
Contributor

Pulling Active Directory Groups in to the firewall to create policies

Good day;

Hope all is well. I have a quick question: is there a way from the firewall that I can pull a specific group defined in Active Directory and import that group to the firewall so I can create a policy from the AD group? What I am trying to accomplish is that every time the AD group is updated, the same group on the firewall will poll any changes from the AD and update its user group, or is that wishful thinking and all this has to be done manually? So if someone new joins the company and AD gets updated, I will have to go to the firewall and update that new person for access as well? I hope that makes sense.

Thank you in advance!!!

Warren

8 Replies
the_rock
Legend

You don't have to do that, it's all automatic. TAC told me once that sometimes it may take up to 15 mins, but I find it's way faster than that. Also, if you wish to use a certain AD group, that can be done by creating an access role, for which you need the Identity Awareness blade enabled on the fw.

Best,

Andy

gurowar
Contributor

Really?!?! Perhaps I am not looking correctly, but are there instructions on how to do that? I didn't find any, so that is why I asked here.

the_rock
Legend

No clue what instructions those are; if you can send them, happy to check. Personally, I never ever had to do anything for it.

Best,

Andy

gurowar
Contributor

That's the thing, not sure how to start. I was just going to do it manually and add/remove folks as needed, but then someone asked isn't there a way you can base it off an AD group and have the firewall pull it from there. I was hoping someone has already done so and can point me in the right direction or point me to the documentation. If not, I will just do it manually.

the_rock
Legend

Here is what I would personally suggest... if you have to do this manually, something else is wrong. I would call TAC and do a remote session, so they can examine the config. Is this on-prem mgmt or S1C? Can you make sure branches can be fetched from the LDAP account unit? Also, say if you use the IA blade, then when creating a new access role, users should be able to be pulled from the AD 100% (that's, mind you, if all was synced right).

Andy

gurowar
Contributor

OK, thank you sir for the info, will talk to TAC.

Thank you Andy for your help!!!


Thank you,

Warren

Wolfgang
Authority

@gurowar if I understand your requirement correctly, you simply need to implement Identity Awareness to build a rulebase based on identities. Have a look at Enforcing Security Based on Identities to understand how it works and how to build it.

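As an added illustration of the point Andy and Wolfgang make above (this is a constructed example, not Check Point code and not from any poster): the access role stores only the AD group's DN, and membership is resolved against the directory when the rule is evaluated, so a change made in AD shows up without editing the firewall object. The directory snapshot, group and user names below are made up, and nested groups with a membership loop are included because AD allows them.

```python
# Toy model of an identity-based rule that references an AD group by DN.
from dataclasses import dataclass

# Constructed directory snapshot: DN -> attributes, AD-style "member" lists.
DIRECTORY = {
    "CN=VPN-Users,OU=Groups,DC=corp,DC=example": {
        "objectClass": "group",
        "member": ["CN=alice,OU=Staff,DC=corp,DC=example",
                   "CN=Contractors,OU=Groups,DC=corp,DC=example"],
    },
    "CN=Contractors,OU=Groups,DC=corp,DC=example": {
        "objectClass": "group",
        "member": ["CN=bob,OU=Staff,DC=corp,DC=example",
                   # nested loop back to the parent group, as AD permits
                   "CN=VPN-Users,OU=Groups,DC=corp,DC=example"],
    },
    "CN=alice,OU=Staff,DC=corp,DC=example": {"objectClass": "user"},
    "CN=bob,OU=Staff,DC=corp,DC=example": {"objectClass": "user"},
    "CN=carol,OU=Staff,DC=corp,DC=example": {"objectClass": "user"},
}

@dataclass(frozen=True)
class AccessRole:
    """Policy object: holds a reference to the group, never a copy of its members."""
    name: str
    group_dn: str

def resolve_members(directory, group_dn):
    """Expand a group recursively, following nested groups and ignoring loops."""
    users, pending, seen = set(), [group_dn], set()
    while pending:
        dn = pending.pop()
        if dn in seen:
            continue
        seen.add(dn)
        entry = directory.get(dn, {})
        if entry.get("objectClass") == "user":
            users.add(dn)
        else:
            pending.extend(entry.get("member", []))
    return users

def user_matches_role(directory, role, user_dn):
    """Evaluate the rule at lookup time against the current directory state."""
    return user_dn in resolve_members(directory, role.group_dn)

if __name__ == "__main__":
    role = AccessRole("VPN access", "CN=VPN-Users,OU=Groups,DC=corp,DC=example")
    carol = "CN=carol,OU=Staff,DC=corp,DC=example"
    print(user_matches_role(DIRECTORY, role, carol))   # False
    DIRECTORY[role.group_dn]["member"].append(carol)   # change made in AD only
    print(user_matches_role(DIRECTORY, role, carol))   # True, role untouched
```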
gurowar
Contributor

Will check it out, thank you sir!!
