Group Mapping Centralization for Virtual System Hubs
Table of Contents
Group Mapping Centralization for Virtual System Hubs
To simplify group-based policy configuration
and enforcement, you can now share group mappings across
virtual systems. When you configure a virtual system as a hub, other
virtual systems can refer to the hub for mappings when they need
to identify groups instead of each virtual system collecting the
information independently.
If the same group mapping on
the local firewall differs from the group mapping on the virtual
system hub, the firewall uses the local mapping.
Use the same format for the Primary Username
across virtual systems and firewalls.
- Assign the virtual system as a User-ID hub.
- ConfirmUser Group Mappingas theMapping Typethat you want to share then clickOK.You must select at least one mapping type.
- Follow the best practices to consolidate your User-ID sources on the hub and then remove the duplicate sources from the existing virtual systems.
- Commityour changes to enable the User-ID hub and begin collecting mappings for the consolidated sources.If the group mapping on a firewall differs from the group mapping on the hub, the group mapping on the firewall overrides the group mapping on the hub.
- Confirm the User-ID hub is mapping the groups by entering the following commands:
- show user group-mapping statistics
- show user group-mapping state all
- show user group list
- show user group name<group-name>