Whenever we make a new vsys, our GlobalProtect authentication fails with "user not in allow list". Has anyone else seen this problem? We are going from one system to 2 vsys's. (I don't know the correct wording.)
Have you only created another VSYS on this PAN FW, or have you configured the second VSYS with some interface and routing, etc.?
This doc might help you to understand NAT and policy in a multi-VSYS environment:
Can we make sure that the external interface, GlobalProtect portal, GlobalProtect gateway, authentication profile and LDAP server profile are a part of one vsys (the original vsys)?
Thanks and regards,
HULK We created another vsys and then the login broke. We fixed or unbroke it by just reverting to the previous config.
KADAK I am pretty sure they were all in the original, but I will check again when we break it tonight.
So we broke it last night. Doing so made the LDAP configurations, authentication profile, and the authentication sequence all go to the shared location. We ended up fixing it by cloning our LDAP configurations, authentication profile, and the authentication sequence. Once we did that, we set them all to location vsys1. After that, we set the GlobalProtect configuration to use our clones that were set to vsys1 instead of the shared ones, and it worked.
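Added example, not part of the thread: a check for the condition described in the last post, reporting whether each GlobalProtect portal or gateway references an authentication profile located in its own vsys or in the shared location. The sample config is constructed, and its element layout is a simplified assumption modelled on a PAN-OS XML export; the function and object names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified config; the element layout is an assumption modelled on a PAN-OS XML export.
SAMPLE = """<config>
  <shared>
    <authentication-profile><entry name="ldap-auth"/></authentication-profile>
  </shared>
  <devices><entry name="localhost.localdomain"><vsys>
    <entry name="vsys1">
      <authentication-profile><entry name="ldap-auth-vsys1"/></authentication-profile>
      <global-protect>
        <global-protect-portal><entry name="gp-portal"><portal-config><client-auth>
          <entry name="a"><authentication-profile>ldap-auth</authentication-profile></entry>
        </client-auth></portal-config></entry></global-protect-portal>
        <global-protect-gateway><entry name="gp-gw"><client-auth>
          <entry name="a"><authentication-profile>ldap-auth-vsys1</authentication-profile></entry>
        </client-auth></entry></global-protect-gateway>
      </global-protect>
    </entry>
    <entry name="vsys2"/>
  </vsys></entry></devices>
</config>"""

def names(parent, path):
    """Names of the <entry> objects directly under path; empty set if the node is absent."""
    return {e.get("name") for e in parent.findall(path + "/entry")} if parent is not None else set()

def audit_gp_auth(xml_text):
    """Return (vsys, component, profile, location) for every GlobalProtect auth profile reference."""
    root = ET.fromstring(xml_text)
    shared = names(root.find("shared"), "authentication-profile")
    findings = []
    for vsys in root.findall("devices/entry/vsys/entry"):
        local = names(vsys, "authentication-profile")  # profiles defined in this vsys
        for kind in ("global-protect-portal", "global-protect-gateway"):
            for comp in vsys.findall(f"global-protect/{kind}/entry"):
                for ref in comp.iter("authentication-profile"):
                    name = (ref.text or "").strip()
                    where = vsys.get("name") if name in local else "shared" if name in shared else "missing"
                    findings.append((vsys.get("name"), comp.get("name"), name, where))
    return findings

if __name__ == "__main__":
    for vsys, comp, prof, where in audit_gp_auth(SAMPLE):
        flag = "" if where == vsys else "  <-- not in this vsys"
        print(f"{vsys}/{comp}: {prof} -> {where}{flag}")
```

Run against an export taken before and after adding the second vsys, the output shows which references changed location.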