connections firewall to ldap
09-02-2019 09:13 AM
Hello, I need your help. I would like to know how the LDAP connection works. Why are there connections from the PAN directly to the PC that do not go through the AD server?
Is this behavior normal?
The security department says it's not normal, or they don't understand.
Thanks for your help
09-03-2019 03:19 AM
It depends on which interface you are using to establish the LDAP connection; by default it uses mgmt.
It uses TCP 139; you need to create a security policy to allow the traffic.
Run the command below to check the status:
show user group-mapping state all
Below are some useful resources.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGnCAK
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGOCA0
09-03-2019 06:37 AM
Thanks for the answer, but what I need to know is: why does the PAN connect directly to the PC? It should connect to the AD server, and the AD connects to the PC. Is it understood? Excuse my English, it's not good.
The logs show PAN connections with all the PCs. It should be a connection of the PAN with the AD server and the AD server with the PC.
09-05-2019 10:41 PM
OK, please tell us why you are using LDAP: for firewall admin authentication, Global Protect client authentication, or anything else?
09-06-2019 08:24 AM
Thanks for your answer
Global Protect
Regards