: Group Mapping Centralization for Virtual System Hubs
Focus
Focus

Group Mapping Centralization for Virtual System Hubs

Table of Contents

Group Mapping Centralization for Virtual System Hubs

To simplify group-based policy configuration and enforcement, you can now share group mappings across virtual systems. When you configure a virtual system as a hub, other virtual systems can refer to the hub for mappings when they need to identify groups instead of each virtual system collecting the information independently.
If the same group mapping on the local firewall differs from the group mapping on the virtual system hub, the firewall uses the local mapping.
Use the same format for the Primary Username across virtual systems and firewalls.
  1. Assign the virtual system as a User-ID hub.
  2. Confirm User Group Mapping as the Mapping Type that you want to share then click OK.
    You must select at least one mapping type.
  3. Follow the best practices to consolidate your User-ID sources on the hub and then remove the duplicate sources from the existing virtual systems.
  4. Commit your changes to enable the User-ID hub and begin collecting mappings for the consolidated sources.
    If the group mapping on a firewall differs from the group mapping on the hub, the group mapping on the firewall overrides the group mapping on the hub.
  5. Confirm the User-ID hub is mapping the groups by entering the following commands:
    • show user group-mapping statistics
    • show user group-mapping state all
    • show user group list
    • show user group name <group-name>