GlobalProtect Auth Problem after making new VSYS

L1 Bithead

GlobalProtect Auth Problem after making new VSYS

Whenever we make a new vsys, our GlobalProtect authentication fails with user not in allow list. Has anyone else seen this problem? We are going from one system to 2 vsys's. (I don't know the correct wording.)

L7 Applicator

Re: GlobalProtect Auth Problem after making new VSYS

Hello,

Have you only created another VSYS on this PAN FW, or have you configured the second VSYS with some interfaces, routing, etc.?

This doc might help you understand NAT and policy in a multi-VSYS environment:

How to Set Up Shared Gateway and Inter VSYS

Thanks

L5 Sessionator

Re: GlobalProtect Auth Problem after making new VSYS

Hello s996kingsm,

Can we make sure that the external interface, GlobalProtect portal, GlobalProtect gateway, authentication profile and LDAP server profile are all part of one vsys (the original vsys)?

Thanks and regards,

Kunal Adak

L1 Bithead

Re: GlobalProtect Auth Problem after making new VSYS

HULK: We created another vsys and then the login broke. We fixed or unbroke it by just reverting to the previous config.

KADAK: I am pretty sure they were all in the original, but I will check again when we break it tonight.

L7 Applicator

Re: GlobalProtect Auth Problem after making new VSYS

Thanks for your update. You may check the authd (authentication daemon) logs from the FW CLI during the next occurrence.

Thanks

L1 Bithead

Re: GlobalProtect Auth Problem after making new VSYS

So we broke it last night. Doing so made the LDAP configurations, authentication profile, and the authentication sequence all go to the shared location. We ended up fixing it by cloning our LDAP configurations, authentication profile, and the authentication sequence. Once we did that, we set them all to location vsys1. After that we set the GlobalProtect configuration to use our clones that were set to vsys1 instead of the shared ones, and it worked.
