Hardware reference guide

GlobalProtect Administrator's Guide
Set Up the GlobalProtect Infrastructure: Enable Group Mapping
Map Users to Groups
Step 1 Create an LDAP Server Profile that specifies how to connect to the directory servers from which the firewall should obtain group mapping information.
1. Select Device > Server Profiles > LDAP.
2. Click Add and then enter a Name for the profile.
3. (Optional) Select the virtual system to which this profile applies from the Location drop-down.
4. Click Add to add a new LDAP server entry and then enter a Server name to identify the server (1-31 characters) and the IP Address and Port number the firewall should use to connect to the LDAP server (default 389 for LDAP; 636 for LDAP over SSL). You can add up to four LDAP servers to the profile; however, all the servers you add to a profile must be of the same type. For redundancy, add at least two servers.
5. Enter the LDAP Domain name to prepend to all objects learned from the server. The value you enter here depends on your deployment:
   If you are using Active Directory, you must enter the NetBIOS domain name, NOT a FQDN (for example, enter acme, not acme.com). If you need to collect data from multiple domains, you must create a separate server profile for each domain. Although the domain name can be determined automatically, it is a best practice to enter it explicitly whenever possible.
   If you are using a global catalog server, leave this field blank.
6. Select the Type of LDAP server you are connecting to. The group mapping values are populated automatically based on your selection; however, if you have customized your LDAP schema, you may need to modify the default settings.
7. In the Base field, specify the point in the LDAP tree where the firewall should begin its search for user and group information (for example, dc=acme,dc=local).
8. Enter the credentials for binding to the LDAP tree in the Bind DN, Bind Password, and Confirm Bind Password fields. The Bind DN can be in either User Principal Name (UPN) format (for example, administrator@acme.local) or fully qualified LDAP DN format (for example, cn=administrator,cn=users,dc=acme,dc=local). Group mapping only reads user and group objects, so use a dedicated service account with read-only directory rights rather than a domain administrator; this limits the impact if the stored bind credentials are ever exposed.
9. If you want the firewall to communicate with the LDAP server(s) over a secure connection, select the SSL check box. If you enable SSL, make sure that you have also specified the appropriate port number (636 by default). Without SSL, the bind credentials and the user and group data the firewall retrieves traverse the network in cleartext.
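The constraints spread across steps 4 through 9 (one to four servers per profile, 1-31 character server names, NetBIOS rather than FQDN domain for Active Directory, blank domain for a global catalog, UPN or full DN bind account, SSL paired with the matching port) are easy to get wrong in the GUI and are only discovered after a commit. The following script checks a proposed profile against those rules before you commit. It is an added example, not code from the GlobalProtect guide or from Palo Alto Networks; the dataclass field names, the assumed ldap_type values, and the sample addresses and account names are constructed for illustration.

```python
"""Pre-commit sanity check for an LDAP Server Profile (added example).

Not Palo Alto Networks code: the field names and the ldap_type values
are assumptions chosen to mirror the GUI fields described in the guide.
"""
from dataclasses import dataclass
import re

LDAP_PORT = 389          # default port for cleartext LDAP
LDAPS_PORT = 636         # default port for LDAP over SSL
MAX_SERVERS = 4          # servers allowed in one profile
MAX_SERVER_NAME = 31     # server name length limit

# Bind DN may be a UPN (administrator@acme.local) or a full LDAP DN
# (cn=administrator,cn=users,dc=acme,dc=local).
UPN_RE = re.compile(r"^[^@\s,]+@[^@\s,]+$")
DN_RE = re.compile(r"^\w+=[^,]+(?:,\w+=[^,]+)*$")


@dataclass
class LdapServer:
    name: str
    address: str
    port: int


@dataclass
class LdapProfile:
    name: str
    servers: list
    ldap_type: str          # assumed values: "active-directory" or "other"
    domain: str             # NetBIOS name for AD; blank for a global catalog
    base: str
    bind_dn: str
    ssl: bool
    global_catalog: bool = False


def check_profile(p: LdapProfile):
    """Return (errors, warnings): errors are settings the guide rules out,
    warnings are settings it recommends against or asks you to confirm."""
    errors, warnings = [], []

    if not 1 <= len(p.servers) <= MAX_SERVERS:
        errors.append(f"a profile holds 1-{MAX_SERVERS} servers, got {len(p.servers)}")
    if len(p.servers) < 2:
        warnings.append("only one server: add a second for redundancy")

    for s in p.servers:
        if not 1 <= len(s.name) <= MAX_SERVER_NAME:
            errors.append(f"server name {s.name!r} must be 1-{MAX_SERVER_NAME} characters")
        expected = LDAPS_PORT if p.ssl else LDAP_PORT
        if s.port != expected:
            warnings.append(f"{s.name}: port {s.port} is not the default for ssl={p.ssl} "
                            f"({expected}); confirm the directory listens there")

    if not p.ssl:
        warnings.append("SSL off: bind password and group data cross the network in cleartext")

    if p.ldap_type == "active-directory":
        if p.global_catalog:
            if p.domain:
                errors.append("domain must be blank when the server is a global catalog")
        elif not p.domain:
            warnings.append("domain blank: the firewall can discover it, but set the NetBIOS name")
        elif "." in p.domain:
            errors.append(f"domain {p.domain!r} looks like an FQDN; use the NetBIOS name "
                          f"(acme, not acme.com)")

    if not DN_RE.match(p.base):
        errors.append(f"base {p.base!r} is not an LDAP DN (expected e.g. dc=acme,dc=local)")
    if not (UPN_RE.match(p.bind_dn) or DN_RE.match(p.bind_dn)):
        errors.append(f"bind DN {p.bind_dn!r} is neither a UPN nor a full LDAP DN")

    return errors, warnings


# Constructed sample profiles; the addresses and accounts are not real.
GOOD = LdapProfile(
    name="acme-ldap",
    servers=[LdapServer("dc1", "10.0.0.11", 636), LdapServer("dc2", "10.0.0.12", 636)],
    ldap_type="active-directory", domain="acme", base="dc=acme,dc=local",
    bind_dn="cn=svc-pan-ldap,cn=users,dc=acme,dc=local", ssl=True,
)

BAD = LdapProfile(
    name="acme-ldap-bad",
    servers=[LdapServer("dc1", "10.0.0.11", 389)],   # SSL on but port 389
    ldap_type="active-directory", domain="acme.com",  # FQDN instead of NetBIOS
    base="dc=acme,dc=local", bind_dn="administrator",  # neither UPN nor DN
    ssl=True,
)

if __name__ == "__main__":
    for prof in (GOOD, BAD):
        errs, warns = check_profile(prof)
        print(prof.name, "errors:", errs, "warnings:", warns)
```

Run it as a script to see the findings for both constructed profiles. Warnings are advisory (a non-default port is legitimate if your directory listens elsewhere), while errors correspond to settings the guide rules out. Before committing, also confirm from a host that can reach the directory that the chosen bind account can read group objects under the configured Base, since a syntactically valid DN can still lack the rights the firewall needs.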