Update references to users in the policy

If you have created a new External LDAP Domain element for EasyConnect, replace the references to user groups and users that belong to the old LDAP domain with references to user groups and users that belong to the new LDAP domain in the policy of the NGFW Engine.

Note: This task is only required if you use SMC 6.6.2 or lower.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to User Authentication.
  2. Right-click the name of the old External LDAP Domain element, then select Tools > Where Used?.
    A list of policies and rules that contain references to user groups and users associated with the LDAP domain is shown.
  3. Click the arrow in front of the name of each policy to view the list of rules that contain references to user groups and users.
  4. In the list of policies and rules, right-click the first rule in the first policy, then select Edit <name of rule>.

    The policy opens with the rule highlighted.
  5. Add a copy of the existing rule in the policy.
    1. Right-click the rule, then select Rule > Copy Rule.
    2. Right-click the rule, then select Paste.
      A copy of the rule is added in the policy.
  6. Update the references to user groups and users in the new rule that you added.
    1. Remove the current user groups and users from the new rule.
    2. In the Resources pane, select Users, then select the new LDAP domain.
    3. Drag and drop the user groups and users to the new rule.
  7. Right-click the rule that contains references to the user groups and users that belong to the old LDAP domain, then select Disable.
    Tip: You can remove this rule later when you have confirmed that user groups and users that belong to the new LDAP domain work correctly in the new rule that you added.
  8. If other rules that belong to the same policy contain references to user groups or users that belong to the old LDAP domain, open each rule for editing, create a new rule with references to user groups and users in the new LDAP domain, then disable the old rule.
  9. When you have updated all the references to user groups and users that belong to the old LDAP domain, click Save and Install.
  10. If there are references to user groups and users that belong to the old LDAP domain in rules in any other policies, remove the references to them in the same way.
  11. (Recommended) When you have removed all the references to user groups and users that belong to the old LDAP domain from all the policies, right-click the old External LDAP Domain element, then select Delete.
    If any references to user groups and users in the LDAP domain still remain, a list of the references is shown. You must remove all the remaining references before you can remove the External LDAP Domain element.

Next steps

Do the following, depending on the method you want to use:
  • Access rules method — Add the Access rule to the policy of the NGFW Engine.
  • NAT rules method — Add the NAT rule to the policy of the NGFW Engine.
  • Custom Service element method — Create the Service element.