Group Mapping Centralization for Virtual System Hubs
To simplify group-based policy configuration
and enforcement, you can now share group mappings across
virtual systems. When you configure a virtual system as a hub, other
virtual systems can refer to the hub for mappings when they need
to identify groups instead of each virtual system collecting the
information independently.
If the same group mapping on
the local firewall differs from the group mapping on the virtual
system hub, the firewall uses the local mapping.
Use the same format for the Primary Username
across virtual systems and firewalls.
Follow the best practices to consolidate your User-ID sources on
the hub and then remove the duplicate sources from the existing
virtual systems.
Commit
your changes to enable
the User-ID hub and begin collecting mappings for the consolidated
sources.
If the group mapping on a firewall differs from the group
mapping on the hub, the group mapping on the firewall overrides
the group mapping on the hub.
Confirm the User-ID hub is mapping the groups by entering
the following commands: