PCNSE Question #332: Real Exam Question with Answer & Explanation
The correct answer is C: A Master Device.
Question
An engineer creates a set of rules in a Device Group (Panorama) to permit traffic to various services for a specific LDAP user group. What needs to be configured to ensure Panorama can retrieve user and group information for use in these rules?
Options
- A. A service route to the LDAP server
- B. A User-ID agent on the LDAP server
- C. A Master Device
- D. Authentication Portal
Explanation
When Panorama Device Group policies reference LDAP user and group information, Panorama itself does not perform User-ID lookups directly against the LDAP server. Instead, a Master Device must be configured in Panorama. This is a designated managed firewall that Panorama queries to retrieve and validate user-to-group mappings for use in shared policies. The Master Device acts as the authoritative source for this information within Panorama's management context. A User-ID agent and a service route are configured on the firewall itself, not on Panorama, and Authentication Portal is a separate explicit authentication mechanism unrelated to this retrieval process.