This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Active Directory Application

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Active Directory Application

ghostrider
L4 Transporter

‎10-24-2016 04:50 AM

Hello 

 

I create the security policy to allow users to logon to domain by simply selecting the activedirectory application but it is not working? Should I need to allow additional applications ?

0 Likes Likes
7 REPLIES 7

cpainchaud
L4 Transporter

‎10-24-2016 05:18 AM

yes, look at applications depencies.

ghostrider
L4 Transporter
In response to cpainchaud

‎10-24-2016 08:03 AM

Thanks. Can you please give me some direction, how can I check what other applications I must allow. I was thinking new version of PANOS, taking care of dependencies like if I want to allow fb-chat then it is under fb-base

0 Likes Likes

ghostrider
L4 Transporter
In response to cpainchaud

‎10-24-2016 12:44 PM

Thanks. Active Directory application is showing this:

activedirectory app.JPG

 

I allowed all the dependend applications as well but in logs, it is showing kerbros and dns, ntp etc as well. So I am wondering why it is not working. I really appeciate your help

0 Likes Likes

cpainchaud
L4 Transporter
In response to ghostrider

‎10-25-2016 07:00 AM

active-directory doesn't cover necessarily cover all authentication(s) stuff, rpc or ntp. that could be too broad

 

you want to add kerberos, some netbios, dns and ntp as well in your rule.

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to cpainchaud

‎10-25-2016 09:46 AM

It's pretty important to think through exactly what you actually need to allow access to, as most things Palo tries to narrow down. The best thing is to read what it's actually going to cover either on the firewall in the GUI or by looking at applipedia which makes things a little easier to search through. 

0 Likes Likes

ghostrider
L4 Transporter
In response to BPry

‎10-26-2016 09:18 AM

Hello

 

I simply want to allow users to log on to domain when login to their pc. If I only allow activedirectory application, its not working. So there should be some application for this functionality 

0 Likes Likes
  • 3450 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks