- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
04-12-2012 07:02 AM
Hi..
Customer would like to use SSL VPN with Active-Directory.
So, I have configured SSL VPN with LDAP Authentication.
There was no problem to connect SSL VPN with LDAP Authentication.
after verify SSL VPN connection, I was going to add some specific group to LDAP authentication in Authentication profile.
But I cannot browse Active-Directory group in LDAP authentication.
Surely, I’m not installed any user agents including AD-Agent and LDAP agent.
do i must install a user-agent, If I am going to add some specific AD group through browse in LDAP Authentication?
Thanks,
Eugene.
04-16-2012 11:00 AM
If you are using PAN OS v.4.1.x the PAN Firewall should be able to pull group information directly from the AD
To check the groups you can go to:
Device>>UserID>>Group Mapping and if the LDAP is configured correctly, then you should be able to pull the groups there.
Also these groups should show up in the Authentication Profile section.
If however, you are using PAN OS 4.0, or earlier, the group information is pulled from a UserID / PAN Agent so then, yes you would require an Agent running on a domain controller to be able to transfer groups over to the PAN Firewall.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!