After upgrade of PAN-OS 8.1.14-h2 auth profile changes auto

L4 Transporter
  • The PAN-OS was upgraded from 8.1.9-h4 to 8.1.14-h2.
  • The issue was reported that users are able to connect to the VPN via GlobalProtect with their AD logins, but unable to access a few web-based applications.
  • The logs are not received by the firewall in the traffic monitor. At the same time a packet capture was done and counters were taken from the firewall, and it was dropped in the firewall.
  • Meanwhile, I have observed the wrong domain names in the logs as well as in user-based policies.
  • Checked all LDAP and User Identification parameter settings and GlobalProtect parameters; it has been configured in a standard way.
  • However, I have gone to the preferred PAN-OS version 8.1.13.
  • The downgrade was done to the preferred version 8.1.13, and the issue persisted.
  • Checked and troubleshot services like Client Probing / Decryption profiles / Suffix-Domain-Setting / GlobalProtect Gateway configuration / GP-Agent / GP-Client-settings / Gateway Group-Mapping / Interface-setting / LDAP-Profile / LDAP-Server-monitoring / NTP / Security policies / Service Route / User-Group-Attributes / User-ID-mapping / WMI-Authentication.
  • Created a rule set as a TEST policy with ANY ANY ANY except source & destination zones, with session start and session end logs, and finally we received the logs for the same.
  • From the logs, it was recognized that the source users had a different name, such as finance.com\abcd instead of finance\abcd.
  • Therefore, we replaced the source user ANY with finance.com\abcd and double-checked that the testing users are able to access the applications.
  • One by one I started to replace the ANY objects with the original objects on the test policy, but the issue was the same; and when we replaced finance.com\abcd with finance\abcd the issue was the same.
  • Did a comparison of the running configuration and the backup files before and after the activity to check changes, and found that some of the configurations were missing, like split tunneling and other security policies.
  • Loaded the 2-day-old backup file which was taken from the firewall before the upgrade activity; no changes were made after loading it in the firewall, but the issue was the same. Again, no logs could be seen in the traffic monitor.
  • Again, I started to troubleshoot further services like User Identification parameters, GlobalProtect configuration and LDAP services.
  • Cleared the User-ID caches and session caches, created a test policy and troubleshot with scenarios, but it did not help to fix the username conflicts.
  • However, due to the short time, decided to revert to the original setup of 8.1.9-h4 and GP software 4.1.11 as before the upgrade activity.
  • Reverted to the actual setup from before the upgrade activity and loaded the 1-week-old backup file to the firewall, and the issue was the same as it was in versions 8.1.14-h2 and 8.1.13.
  • After uploading the 1-week-old backup file to the firewall, with no changes made meanwhile, I involved the senior engineer for further troubleshooting.
  • With the senior engineer involved in the session, we started to troubleshoot the issue; he noticed the authentication profile for XXXX attached to the RADIUS, which was configured for user authentication with User Domain finance.com.
  • He replaced finance.com with finance, saved the authentication profile parameter and committed the configuration.
  • After the change, the conflicts between finance and finance.com stopped and the applications started to work for GlobalProtect users.
  • As it was a misconfiguration error, it was reconfigured under Device > Authentication > Profile by changing the "User Domain" parameter, and the issue was fixed.
  • The 1-week-old and 2-day-old backup files were loaded to the firewall and it was not working, but after changing the parameter in the 1-week-old backup file the issue was fixed.

Checked all configuration of the system; no changes have been made to auth profiles for the last 5 months.

I want to know the cause of this incident.
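The mismatch described in this thread is purely a domain-prefix difference: the firewall logged users as finance.com\abcd while the rules and group mapping used finance\abcd, so user-based rules never matched. The following added example (not Palo Alto code, not from the thread) shows a check a firewall administrator can run over exported usernames to spot that condition before it is chased as a policy or User-ID problem; the user names, rule entries and the helper names are constructed, only the two domain spellings come from the thread.

```python
"""Flag rule source-user entries that differ from logged identities only in
the domain prefix (NetBIOS 'finance' vs DNS 'finance.com').

Constructed example for this thread; helper names are hypothetical, the
sample identities are made up, the domain spellings are the thread's.
"""
from collections import defaultdict


def split_user(identity: str):
    """Split 'domain\\user' into (domain, user), both lower-cased.
    An identity without a backslash yields an empty domain."""
    domain, sep, user = identity.rpartition("\\")
    return (domain.lower(), user.lower()) if sep else ("", identity.lower())


def domain_root(domain: str) -> str:
    """Reduce a DNS-style domain ('finance.com') to its first label
    ('finance'); a NetBIOS-style name is returned unchanged."""
    return domain.split(".", 1)[0]


def find_domain_mismatches(logged_users, rule_source_users):
    """Return (logged_identity, rule_identity) pairs where the user part is
    the same but the domain prefix differs, i.e. the rule would not match
    the identity the firewall actually logged for that user."""
    rules_by_user = defaultdict(list)
    for rule_user in rule_source_users:
        domain, user = split_user(rule_user)
        rules_by_user[user].append((domain, rule_user))

    mismatches = []
    for logged in logged_users:
        domain, user = split_user(logged)
        for rule_domain, rule_user in rules_by_user.get(user, []):
            if rule_domain == domain:
                continue  # exact match: the rule applies as intended
            if domain_root(rule_domain) == domain_root(domain):
                mismatches.append((logged, rule_user))  # same realm, different spelling
    return mismatches


if __name__ == "__main__":
    # constructed sample: identities as seen in traffic logs vs as written in rules
    logged = ["finance.com\\abcd", "finance.com\\efgh", "finance\\ijkl"]
    rules = ["finance\\abcd", "finance\\efgh", "finance\\ijkl"]
    for seen, rule in find_domain_mismatches(logged, rules):
        print(f"logged {seen!r} will not match rule source user {rule!r}")
```

Identities that differ in an unrelated domain (for example sales\abcd against finance.com\abcd) are not reported, so the output isolates the User Domain spelling problem from genuine policy gaps.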

1 REPLY 1

L4 Transporter

After the senior engineer was involved in the session and started to troubleshoot the issue, he noticed the authentication profile for XXXX attached to the RADIUS, which was configured for user authentication with User Domain finance.com.

And the authentication profile for XXXX is OTP, which users get as a passcode whenever they log in to GlobalProtect with their AD account.
