https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46737#M34356 <HTML><HEAD></HEAD><BODY><P>Hello Satish,</P><P></P><P>I hope the AD server is connected through the management interface. Hence, you need to capture packet on the management interface. It is not necessary to bring the firewall in <SPAN class="GINGER_SOFTWARE_mark">Active state</SPAN>, in order to capture <SPAN class="GINGER_SOFTWARE_mark">packet</SPAN>, you can capture in Passive FW as well.</P><P></P><P>Reference DOC: <A href="https://live.paloaltonetworks.com/docs/DOC-4595">tcpdump</A></P><P></P><P>Hope this helps.</P><P></P><P>Thanks</P></BODY></HTML> Wed, 30 Jul 2014 09:15:30 GMT HULK 2014-07-30T09:15:30Z https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46724#M34343 <HTML><HEAD></HEAD><BODY><P><SPAN lang="EN-IN" style="font-size: 10pt; font-family: Arial, sans-serif;">HI friends..<BR /></SPAN></P><P><SPAN lang="EN-IN" style="font-size: 10pt; font-family: Arial, sans-serif;"><BR /></SPAN></P><P><SPAN lang="EN-IN" style="font-size: 10pt; font-family: Arial, sans-serif;">I am having two Palo Alto Network (</SPAN> PAN-PA-3020<SPAN lang="EN-IN" style="font-size: 10pt; font-family: Arial, sans-serif;"> ) firewall installed in HA&nbsp; mode (Active-Passive) .</SPAN></P><P></P><P>&nbsp; <SPAN lang="EN-IN" style="font-size: 10pt; font-family: Arial, sans-serif;">My problem is when ever my Primary FW goes down or change to passive and Secondary become Active, My Active directory authentication&nbsp; becomes fails, however all other things works fine. Please suggest.Thanks</SPAN></P><P><SPAN lang="EN-IN" style="font-size: 10pt; font-family: Arial, sans-serif;"><BR /></SPAN></P><P><SPAN lang="EN-IN" style="font-size: 10pt; font-family: Arial, sans-serif;">Regards</SPAN></P><P><SPAN lang="EN-IN" style="font-size: 10pt; font-family: Arial, sans-serif;">Satish<BR /></SPAN></P><P><SPAN lang="EN-IN" style="font-size: 12pt; font-family: 'Times New Roman', serif;"> <BR /> </SPAN></P></BODY></HTML> Mon, 28 Jul 2014 15:56:34 GMT https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46724#M34343 Satish 2014-07-28T15:56:34Z https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46725#M34344 <HTML><HEAD></HEAD><BODY><P>Hello Satish,</P><P></P><P>After the HA failover, did you check the reachability to the AD server from PAN firewall.? Also, verify <SPAN class="GINGER_SOFTWARE_mark">authd</SPAN> logs for more detail information.</P><P></P><P>Thanks</P></BODY></HTML> Mon, 28 Jul 2014 16:03:56 GMT https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46725#M34344 HULK 2014-07-28T16:03:56Z https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46726#M34345 <HTML><HEAD></HEAD><BODY><P>Hi Satish,</P><P></P><P>Make sure both the devices have similar authentication configuration, because authentication configuration is not synced via failover.</P><P></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Mon, 28 Jul 2014 16:03:58 GMT https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46726#M34345 hshah 2014-07-28T16:03:58Z https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46727#M34346 <HTML><HEAD></HEAD><BODY><P>Reference DOC for more details info--- HA-Sync :<A href="https://live.paloaltonetworks.com/docs/DOC-4175">Information Synchronized in an HA Pair</A></P></BODY></HTML> Mon, 28 Jul 2014 16:07:19 GMT https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46727#M34346 HULK 2014-07-28T16:07:19Z https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46728#M34347 <HTML><HEAD></HEAD><BODY><P>Hi Hardik,</P><P></P><P>let me check if i got any problem i will coordinate with you.apart from this any other configuration i need to consider??</P><P></P><P></P><P>Regards</P><P>Satish </P></BODY></HTML> Mon, 28 Jul 2014 16:12:14 GMT https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46728#M34347 Satish 2014-07-28T16:12:14Z https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46729#M34348 <HTML><HEAD></HEAD><BODY><P>Hi Hulk bro.,</P><P></P><P>Thanks for sharing such kind of use full document.</P><P></P><P>Regards</P><P>Satish</P></BODY></HTML> Mon, 28 Jul 2014 16:14:32 GMT https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46729#M34348 Satish 2014-07-28T16:14:32Z https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46730#M34349 <HTML><HEAD></HEAD><BODY><P>Hi Satish,</P><P></P><P>Most likely its happening due to configuration differences on both the boxes, verify the same.</P><P></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Mon, 28 Jul 2014 16:16:34 GMT https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46730#M34349 hshah 2014-07-28T16:16:34Z https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46731#M34350 <HTML><HEAD></HEAD><BODY><P>Hi Friends</P><P>I am facing such king of issue can you help me plz </P><P><IMG alt="AttendeeViewerImage004 - Copy.gif" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/14719_AttendeeViewerImage004 - Copy.gif" style="max-width: 620px; height: auto;" /></P></BODY></HTML> Tue, 29 Jul 2014 06:47:51 GMT https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46731#M34350 Satish 2014-07-29T06:47:51Z https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46732#M34351 <HTML><HEAD></HEAD><BODY><P>Hello Satish,</P><P></P><P>Could you please re-configure the LDAP server credentials on this PAN firewall and let us know the result. It looks like your LDAP credentials were not configured correctly.</P><P></P><P>Thanks</P></BODY></HTML> Tue, 29 Jul 2014 07:03:50 GMT https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46732#M34351 HULK 2014-07-29T07:03:50Z https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46733#M34352 <HTML><HEAD></HEAD><BODY><P>Hi Hulk Bro..,</P><P></P><P>same configuration have primary firewall its working fine. but secondary firewall have only issue plz suggest.</P><P></P><P></P><P>Regards</P><P>Satish</P></BODY></HTML> Tue, 29 Jul 2014 08:58:38 GMT https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46733#M34352 Satish 2014-07-29T08:58:38Z https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46734#M34353 <HTML><HEAD></HEAD><BODY><P>Hello Satish,</P><P></P><P>It's not about the configuration, but LDAP credentials. Could you please try to re-enter credentials one more time on the passive node.</P><P></P><P>Thanks</P></BODY></HTML> Tue, 29 Jul 2014 13:58:29 GMT https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46734#M34353 HULK 2014-07-29T13:58:29Z https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46735#M34354 <HTML><HEAD></HEAD><BODY><P>Hi Satish,</P><P></P><P>Also try to capture traffic between AD server and Firewall, even capture can tell you whats going wrong. </P><P></P><P>As HULK said if its a authentication issue, you will be able to view in captures.</P><P></P><P>Capture is greatest friend for security engineers.</P><P></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Tue, 29 Jul 2014 14:20:26 GMT https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46735#M34354 hshah 2014-07-29T14:20:26Z https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46736#M34355 <HTML><HEAD></HEAD><BODY><P>Hi Hardik,</P><P></P><P>Is this required to Passive device active for the traffic capture or AD authentication verification.</P><P></P><P>If i am wrong plz correct me. buz customer are asking its not required to passive device to active for the same.&nbsp; </P><P></P><P>Regards</P><P>Satish</P></BODY></HTML> Wed, 30 Jul 2014 09:06:16 GMT https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46736#M34355 Satish 2014-07-30T09:06:16Z https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46737#M34356 <HTML><HEAD></HEAD><BODY><P>Hello Satish,</P><P></P><P>I hope the AD server is connected through the management interface. Hence, you need to capture packet on the management interface. It is not necessary to bring the firewall in <SPAN class="GINGER_SOFTWARE_mark">Active state</SPAN>, in order to capture <SPAN class="GINGER_SOFTWARE_mark">packet</SPAN>, you can capture in Passive FW as well.</P><P></P><P>Reference DOC: <A href="https://live.paloaltonetworks.com/docs/DOC-4595">tcpdump</A></P><P></P><P>Hope this helps.</P><P></P><P>Thanks</P></BODY></HTML> Wed, 30 Jul 2014 09:15:30 GMT https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46737#M34356 HULK 2014-07-30T09:15:30Z https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46738#M34357 <HTML><HEAD></HEAD><BODY><P>Hi Hulk Bro.,</P><P></P><P>I have <SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;">re-enter credentials on the passive node. but i am facing same issue. </SPAN></P><P></P><P>Regards</P><P>Satish</P></BODY></HTML> Wed, 30 Jul 2014 09:37:44 GMT https://live.paloaltonetworks.com/t5/general-topics/ad-authentication-problem-with-secondary-firewall/m-p/46738#M34357 Satish 2014-07-30T09:37:44Z