Palo Alto Firewall Commands Reference

Group-Mapping:

1. View the state of group mapping to check whether any error has occurred:

admin@HNSPAFW (active) > show user group-mapping state all

2. View the list of Active Directory members synced with the PA. For example, you have newly added a user to an internet access group in AD and want to check that the change is reflected on the PA:

admin@HNSPAFW (active) > show user group name "hsngroup.net\level-internet-access-group"

3. Refresh the members of a specific AD group in group mapping. For example, you have newly added a user to an internet access group in AD but the user is still not able to browse; in that case, refresh group mapping. The command below doesn’t affect your existing traffic:

admin@HNSPAFW (active) > debug user-id refresh group-mapping …………

4. Refresh the members of all AD groups in group mapping. The command below doesn’t affect your existing traffic:

admin@HNSPAFW (active) > debug user-id refresh group-mapping all
