You can now configure policies to reference
more user groups. This is useful in environments where access
control for each application or service is based on membership in
a user group, and where the number of applications, services, and
groups is increasing.

The number of distinct user groups that each firewall or Panorama
can reference across all policies varies by model:

- VM-50, VM-100, VM-300, PA-200, PA-220, PA-500, PA-800
  Series, PA-3020, and PA-3050 firewalls: 1,000 groups
- VM-500, VM-700, PA-5020, PA-5050, PA-5060, PA-5200 Series,
  and PA-7000 Series firewalls, and all Panorama models: 10,000 groups

In this release, you will also find that error alerts for group
mapping configurations are improved: the validation process now
checks for errors in nested group lists. Nesting in this context
describes group lists where individual list entries can also be group
lists. The firewall and Panorama can validate group lists that are
nested up to ten layers deep.
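
A pre-change check against the two limits above, written as an added example that is not vendor code: it counts the distinct groups referenced across all rules and measures how deeply each referenced group is nested. The data shapes, function names, the convention that a group with no subgroups is one layer, and the treatment of membership cycles as errors are all assumptions.

```python
# Added example. Data shapes and function names are assumptions, not PAN-OS APIs.
GROUP_LIMITS = {  # distinct groups referenced across all policies, by model
    1000: ["VM-50", "VM-100", "VM-300", "PA-200", "PA-220", "PA-500",
           "PA-800 Series", "PA-3020", "PA-3050"],
    10000: ["VM-500", "VM-700", "PA-5020", "PA-5050", "PA-5060",
            "PA-5200 Series", "PA-7000 Series", "Panorama"],
}
MAX_NESTING = 10  # deepest nesting the validation handles

def group_limit(model):
    for limit, models in GROUP_LIMITS.items():
        if model in models:
            return limit
    raise KeyError(f"model not in the published list: {model}")

def referenced_groups(policies):
    """Distinct groups named by any rule; a group used by many rules counts once."""
    return {g for groups in policies.values() for g in groups}

def nesting_depth(name, nested, path=()):
    """Layers of group lists at and below `name`; ValueError on a membership cycle."""
    if name in path:
        raise ValueError("cycle: " + " -> ".join(path + (name,)))
    subgroups = [m for m in nested.get(name, []) if m in nested]
    return 1 + max((nesting_depth(s, nested, path + (name,)) for s in subgroups), default=0)

def audit(model, policies, nested):
    """Return findings for one device; an empty list means within both limits."""
    used, limit, findings = referenced_groups(policies), group_limit(model), []
    if len(used) > limit:
        findings.append(f"{len(used)} groups referenced, {model} limit is {limit}")
    for group in sorted(used):
        try:
            depth = nesting_depth(group, nested)
        except ValueError as err:
            findings.append(f"{group}: {err}")
            continue
        if depth > MAX_NESTING:
            findings.append(f"{group}: {depth} layers deep, limit is {MAX_NESTING}")
    return findings

# Constructed sample: g0 nests eleven layers (g0 > g1 > ... > g10), loop-a is cyclic.
NESTED = {f"g{i}": [f"g{i + 1}"] for i in range(10)}
NESTED.update({"g10": ["alice"], "hr-staff": ["bob"], "loop-a": ["loop-b"], "loop-b": ["loop-a"]})
POLICIES = {"allow-hr": ["hr-staff", "g0"], "allow-fin": ["hr-staff", "loop-a"]}

if __name__ == "__main__":
    for finding in audit("PA-220", POLICIES, NESTED):
        print(finding)
```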