Group Mapping Centralization for Virtual System Hubs

To simplify group-based policy configuration and enforcement, you can now share group mappings across virtual systems. When you configure a virtual system as a hub, other virtual systems can refer to the hub for mappings when they need to identify groups instead of each virtual system collecting the information independently.
If the same group mapping on the local firewall differs from the group mapping on the virtual system hub, the firewall uses the local mapping.
Use the same format for the Primary Username across virtual systems and firewalls.
  1. Assign the virtual system as a User-ID hub.
  2. Confirm
    User Group Mapping
    as the
    Mapping Type
    that you want to share then click
    You must select at least one mapping type.
  3. Follow the best practices to consolidate your User-ID sources on the hub and then remove the duplicate sources from the existing virtual systems.
  4. Commit
    your changes to enable the User-ID hub and begin collecting mappings for the consolidated sources.
    If the group mapping on a firewall differs from the group mapping on the hub, the group mapping on the firewall overrides the group mapping on the hub.
  5. Confirm the User-ID hub is mapping the groups by entering the following commands:
    • show user group-mapping statistics
    • show user group-mapping state all
    • show user group list
    • show user group name

Recommended For You