GlobalProtect Auth Problem after making new VSYS

L1 Bithead

Whenever we make a new vsys, our GlobalProtect authentication fails with "user not in allow list". Has anyone else seen this problem? We are going from one system to 2 vsys's. (I don't know the correct wording.)


5 REPLIES

L7 Applicator

Hello,

Have you only created another VSYS on this PAN FW, or have you configured the second VSYS with some interface and routing, etc.?

This doc might help you to understand NAT and policy in a multi-VSYS environment:

How to Set Up Shared Gateway and Inter VSYS

Thanks

L5 Sessionator

Hello s996kingsm,

Can we make sure that the external interface, GlobalProtect portal, GlobalProtect gateway, authentication profile and LDAP server profile are all part of one vsys (the original vsys)?

Thanks and regards,

Kunal Adak

HULK: We created another vsys and then the login broke. We fixed or unbroke it by just reverting to the previous config.

KADAK: I am pretty sure they were all in the original, but I will check again when we break it tonight.

Thanks for your update. You may check authd (authentication daemon) logs from FW CLI during next occurrence.

Thanks

L1 Bithead

So we broke it last night. Doing so made the LDAP configurations, authentication profile, and the authentication sequence all go to the shared location. We ended up fixing it by cloning our LDAP configurations, authentication profile, and the authentication sequence. Once we did that, we set them all to location vsys1. After that, we set the GlobalProtect configuration to use our clones that were set to vsys1 instead of the shared ones, and it worked.
