User Groups Capacity Increase
You can now configure policies to reference more user groups. This is useful in environments where access control for each application or service is based on membership in a user group, and where the number of applications, services, and groups is increasing.
The number of distinct user groups that each firewall or Panorama can reference across all policies varies by model:
- VM-50, VM-100, VM-300, PA-200, PA-220, PA-500, PA-800 Series, PA-3020, and PA-3050 firewalls—1,000 groups
- VM-500, VM-700, PA-5020, PA-5050, PA-5060, PA-5200 Series, and PA-7000 Series firewalls, and all Panorama models—10,000 groups
In this release, you will also find that error alerts for group mapping configurations are improved: the validation process now checks for errors in nested group lists. Nesting in this context describes group lists where individual list entries can also be group lists. The firewall and Panorama can validate group lists that are nested up to ten layers deep.
User-ID Features New User-ID Features Description Panorama and Log Collectors as User-ID Redistribution Points You can now leverage your Panorama™ and distributed log collection infrastructure ...
Map Users to Groups
Map Users to Groups Defining policy rules based on user group membership rather than individual users simplifies administration because you don’t have to update the ...
User-ID Features Panorama and Log Collectors as User-ID Redistribution Points Centralized Deployment and Management of User-ID and TS Agents User Groups Capacity Increase User-ID Syslog ...
Device > User Identification > Group Mapping Settings
Device > User Identification > Group Mapping Settings To base security policies and reports on users and user groups, the firewall retrieves the list of ...
Upgrade/Downgrade Considerations The following table lists the new features that have upgrade or downgrade impacts. Make sure you understand all potential changes before you upgrade ...