https://live.paloaltonetworks.com/t5/general-topics/secure-ldap-policy-rule-setup/m-p/10867#M8012 <HTML><HEAD></HEAD><BODY><P>That worked.&nbsp; Thanks.</P></BODY></HTML> Wed, 11 Mar 2015 14:33:18 GMT dannon 2015-03-11T14:33:18Z https://live.paloaltonetworks.com/t5/general-topics/secure-ldap-policy-rule-setup/m-p/10865#M8010 <HTML><HEAD></HEAD><BODY><P>Hello.</P><P></P><P>I am trying to setup an application policy rule to allow secure LDAP from our hosting company back to our internal domain controller running MS AD.&nbsp; I have the appropriate NAT statement setup.<IMG alt="ldaps2.jpg" class="image-0 jive-image" height="255" src="https://live.paloaltonetworks.com/legacyfs/online/18345_ldaps2.jpg" style="height: 255px; width: 1362.93px;" width="1363" /></P><P></P><P>If you look in the log screenshot above, you'll see that the first entry is being denied.&nbsp; For my list of allowed applications in that rule, I have added LDAP and SSL.&nbsp; My services tab is set at Application-default.</P><P></P><P>For testing, I also tried just using regular LDAP with with just LDAP for application allowed, and services as Application-default.&nbsp; That worked fine, as you can see in log entry 2-8.</P><P></P><P>Do I need to change the services to TCP-636 to get LDAPS to work?&nbsp; I looked at the LDAP application object, and it lists 389, 636 as the ports it uses.</P><P></P><P>Thanks.</P><P>Dannon</P></BODY></HTML> Thu, 19 Feb 2015 17:48:26 GMT https://live.paloaltonetworks.com/t5/general-topics/secure-ldap-policy-rule-setup/m-p/10865#M8010 dannon 2015-02-19T17:48:26Z https://live.paloaltonetworks.com/t5/general-topics/secure-ldap-policy-rule-setup/m-p/10866#M8011 <HTML><HEAD></HEAD><BODY><P>Hi <A href="https://live.paloaltonetworks.com/u1/28936">dannon</A></P><P></P><P>You will have to allow SSL on service TCP-636 to make this work.</P><P></P><P>Firewall will not be able to identify it as LDAP unless you enable decryption.</P></BODY></HTML> Thu, 19 Feb 2015 20:24:39 GMT https://live.paloaltonetworks.com/t5/general-topics/secure-ldap-policy-rule-setup/m-p/10866#M8011 bat 2015-02-19T20:24:39Z https://live.paloaltonetworks.com/t5/general-topics/secure-ldap-policy-rule-setup/m-p/10867#M8012 <HTML><HEAD></HEAD><BODY><P>That worked.&nbsp; Thanks.</P></BODY></HTML> Wed, 11 Mar 2015 14:33:18 GMT https://live.paloaltonetworks.com/t5/general-topics/secure-ldap-policy-rule-setup/m-p/10867#M8012 dannon 2015-03-11T14:33:18Z