https://live.paloaltonetworks.com/t5/globalprotect-discussions/integrating-2-different-ldap-servers-in-palo-alto-for-global/m-p/443192#M2046 <P>Hi Abdul,</P><P>&nbsp;</P><P>Thanks for the update. Just want to check, if there is any other alternate solution apart from the above, as there is trust between both domain. Is it possible to integrate Palo Alto with on LDAP server &amp; users in other domain also can use the domain trust to get connected via Global Protect VPN.</P> Mon, 25 Oct 2021 12:51:39 GMT preetpk 2021-10-25T12:51:39Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/integrating-2-different-ldap-servers-in-palo-alto-for-global/m-p/443180#M2044 <P>Hi,</P><P>&nbsp;</P><P>We have a requirement as users belonging to 2 different domains (for eg: local.ae &amp; local.co.ae) need to connect via Palo Alto global protect VPN. Is it possible to integrate Palo Alto with 2 different LDAP profile, so that both local.ae &amp; local.co.ae domain users can connect remotely over Global Protect VPN.</P> Mon, 25 Oct 2021 11:57:32 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/integrating-2-different-ldap-servers-in-palo-alto-for-global/m-p/443180#M2044 preetpk 2021-10-25T11:57:32Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/integrating-2-different-ldap-servers-in-palo-alto-for-global/m-p/443187#M2045 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/71795">@preetpk</a>&nbsp;,</P><P>you can use both profiles in an Authentication Sequence profile, then use this Sequence profile for&nbsp; GP authentication.</P><P>&nbsp;</P> Mon, 25 Oct 2021 12:33:06 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/integrating-2-different-ldap-servers-in-palo-alto-for-global/m-p/443187#M2045 Abdul-Fattah 2021-10-25T12:33:06Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/integrating-2-different-ldap-servers-in-palo-alto-for-global/m-p/443192#M2046 <P>Hi Abdul,</P><P>&nbsp;</P><P>Thanks for the update. Just want to check, if there is any other alternate solution apart from the above, as there is trust between both domain. Is it possible to integrate Palo Alto with on LDAP server &amp; users in other domain also can use the domain trust to get connected via Global Protect VPN.</P> Mon, 25 Oct 2021 12:51:39 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/integrating-2-different-ldap-servers-in-palo-alto-for-global/m-p/443192#M2046 preetpk 2021-10-25T12:51:39Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/integrating-2-different-ldap-servers-in-palo-alto-for-global/m-p/443241#M2047 <P>You need to create two separate LDAP Server Profiles (one for each server).</P><P>&nbsp;</P><P>Then you need to create two separate Authentication Profiles (one for each LDAP server).</P><P>&nbsp;</P><P>Then you need to create an Authentication Sequence that lists which order you want to query the LDAP servers.</P><P>&nbsp;</P><P>Then you configure your GlobalProtect setup to use the Authentication Sequence to authenticate clients.</P><P>&nbsp;</P><P>That way, when a client connects to GlobalProtect and puts in their username and password, GlobalProtect will check the LDAP servers in the Authentication Sequence.&nbsp; If there's a working authentication from the first LDAP server, then the client is connected; if not, the second LDAP server is checked.&nbsp; If there's a working authentication from that one, then the client is connected; if not, the connection fails.</P><P>&nbsp;</P><P>You have to treat the LDAP servers as separate entities.</P> Mon, 25 Oct 2021 17:49:27 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/integrating-2-different-ldap-servers-in-palo-alto-for-global/m-p/443241#M2047 fjwcash 2021-10-25T17:49:27Z