connections firewall to ldap

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

connections firewall to ldap

L1 Bithead

Hello, i need your help. Iwould like to know how the ildap connection woks. Why are there connections between the PAN directly to the pc and does not go through the AD server?

Is this behavior normal?

The security departament says it´s not normal or they don´t understand

 

Thanks for your help

4 REPLIES 4

L4 Transporter

It depends on which interface you are using to eastablish LDAP connection by deafult it uses mgmt.

 it uses TCP 139 you need to create security policy to allow traffic

 

run below command to check status

show user group-mapping state all

below are some useful resource.

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGnCAK

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGOCA0

 

 

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 |

Thanks for the answer, but what I need to know is. why does PAN connect directly to the pc? it should connect to AD server and AD connect to pc. it is understood? excuse my english, it's not good

the logs show PAN connections with all the pc. it should be the connection of PAN with server AD and server AD with the pc

OK please tell us why are you using LDAP ?  for firewall admin authentication or global protect client authentication or anything else ?

 

 

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 |

Thanks for your answer

 

Global Protect

 

Regards

  • 5302 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!