I am having an query regarding the Captive Portal issue. Herewith, I have network flow diagram to understand better on the scenario.
**** Both end Firewall are of same device Palo Alto only.
=> From Head Office Firewall, we are able to reach the AD Server residing on Data Center Firewall without any issues. However while I am checking the status on Server Status it is showing as " Connection Timed Out".
=> Credentials that we have given to authenticate the server is under the administrator role for the AD Server.
=> Due to this User-IP-Mapping is not happening on the Head Office Firewall. So we need to sort of the Connection Timed Out problem of that AD Server.
So please share us your inputs for the same on how to resolve this issue and i am eagerly waiting for an update on this regards. Thanks in advance !!
Was this working previously or is it a new setup? You'll want to ensure that you have granted the user permissions to Event Log Readers, Server Operators, and Distributed COM Users to actually be able function correctly.
Thanks for your response !!
This is not a new setup, it was previously worked as expected however suddenly it is not working for the past 3 days.
Yes, I have verified all the user level permission is added for the service user which is used under WMI Credentials.
Please let me know if you have any additional query in order to find a solution on this issue. Thanks in advance !!
If that's the case I would reach out to TAC so that they can take an in-depth look at the useridd.log file and see if it gives any additional information as to why the connection isn't functional, such as a stat_tls_s return error or something of the sort. It could also be worth simply restarting the management server if you haven't already done so to cycle the associated processes.
Thanks for your suggestion, I will give it a try by restarting the Management server and see if that help us in this scenario.
Also check the logs to see where you are getting dropped. By default the PAN will use the management interface to communicate with the agents.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!