We have a Palo Alot Firewall running PAN OS 7.1 that wil allow us to create polices for an individual user, but not for a user group using LDAP groups. This is strange because we have this abilty provisioned and working in one of our networks, but it is not working on this one network. We have worked with the Sys Admin to ensure we have the proper setting for our AD. Throwing this out to the community to see if anyone else has had this issue before. Thanks for your feed back.