Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Palo Alto Networks

You're reading from   Mastering Palo Alto Networks Build, configure, and deploy network solutions for your infrastructure using features of PAN-OS

Arrow left icon
Product type Paperback
Published in Jun 2022
Publisher Packt
ISBN-13 9781803241418
Length 636 pages
Edition 2nd Edition
Concepts
Arrow right icon
Author (1):
Arrow left icon
Tom Piens Aka 'Reaper' Tom Piens Aka 'Reaper'
Author Profile Icon Tom Piens Aka 'Reaper'
Tom Piens Aka 'Reaper'
Arrow right icon
View More author details
Toc

Table of Contents (18) Chapters Close

Preface 1. Understanding the Core Technologies 2. Setting Up a New Device FREE CHAPTER 3. Building Strong Policies 4. Taking Control of Sessions 5. Services and Operational Modes 6. Identifying Users and Controlling Access 7. Managing Firewalls through Panorama 8. Upgrading Firewalls and Panorama 9. Logging and Reporting 10. Virtual Private Networks 11. Advanced Protection 12. Troubleshooting Common Session Issues 13. A Deep Dive into Troubleshooting 14. Cloud-Based Firewall Deployment 15. Supporting Tools 16. Other Books You May Enjoy
17. Index

Configuring group mapping

If you are able to identify users on your network, you are also able to create security rules to allow or limit their access to certain resources. Role-Based Access Control (RBAC) can easily be enforced by binding LDAP groups to security policies, granting members of a certain organization within your company exclusive and reliable access to the resources they need wherever they go.

To get started, we need to create an LDAP profile so we can fetch group information. Go to Device | Server Profiles | LDAP and create a new profile. You will need one LDAP profile per domain in a multidomain or forest configuration.

There needs to be at least one server, but there can be up to four for redundancy. Don’t forget to change the port (636 should be the default, 389 for legacy unencrypted systems) if you’re going to use TLS encryption:

  1. Add at least one server by IP or FQDN and set the appropriate port (389 unencrypted, 636 for TLS).
  2. ...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime