07-07-2014 12:57 PM
Whenever we make a new vsys, our GlobalProtect authentication fails with "user not in allow list". Has anyone else seen this problem? We are going from one system to 2 vsys's. (I don't know the correct wording.)
07-07-2014 02:00 PM
Hello,
Have you only created another VSYS on this PAN FW, or configured the second VSYS with some interface and routing, etc.?
This doc might help you to understand NAT and policy in a multi-VSYS environment:
How to Set Up Shared Gateway and Inter VSYS
Thanks
07-07-2014 02:00 PM
Hello s996kingsm,
Can we make sure that the external interface, GlobalProtect portal, GlobalProtect gateway, authentication profile and LDAP server profile are a part of one vsys (original vsys)?
Thanks and regards,
Kunal Adak
07-07-2014 02:05 PM
HULK, we created another vsys and then the login broke. We fixed or unbroke it by just reverting to the previous config.
KADAK, I am pretty sure they were all in the original, but I will check again when we break it tonight.
07-07-2014 02:17 PM
Thanks for your update. You may check the authd (authentication daemon) logs from the FW CLI during the next occurrence.
Thanks
07-08-2014 06:46 AM
So we broke it last night. Doing so changed the LDAP configurations, authentication profile, and the authentication sequence all to the shared location. We ended up fixing it by cloning our LDAP configurations, authentication profile, and the authentication sequence. Once we did that, we set them all to location vsys1. After that, we set the GlobalProtect configuration to use our clones that were set to vsys1 instead of the shared ones, and it worked.