I have implemented a Palo Alto without a Management interface, only an Inside interface/zone and an Outside interface/zone. I configured the service route configuration to use the Inside IP address for updates, DNS... (all service routes). I have also configured the network routing (all the networks that have to be accessed from the Inside IP address).
The problem is with the LDAP connection. When I configure the group mapping, I get an error because the Palo Alto cannot connect to the LDAP server.
If I ping the LDAP host, I get: From <management IP> icmp seq=X Destination host unreachable. But if I ping the LDAP host with the Inside IP address as source, I get a response.
admin@PA-500> show user group-mapping state all
Group Mapping(vsys1, type: e-directory): LDAP_userauth
        Bind DN    : cn=admin,o=esteve
        Base       : ou=info,ou=intranet,o=esteve
        Group Filter: (None)
        User Filter: (None)
        Servers    : configured 1 servers
                172.20.0.181(636)
        Last Action Time: 50 secs ago(took 3 secs)
        Next Action Time: In 10 secs
        Last LDAP error: Can't contact LDAP server
        Number of Groups: 0

Could it be that the LDAP connection is being started on the management interface and the service routing for this service is not working?
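As an added example (not part of the original post or of Palo Alto's own tooling), a small Python parser for the `show user group-mapping state all` output quoted above, which can be used to alert when a group-mapping profile reports an LDAP error or zero groups. The field layout is assumed from the single sample in the post; the sample text is constructed from it.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the group-mapping state output quoted in the post.
SAMPLE = """\
Group Mapping(vsys1, type: e-directory): LDAP_userauth
        Bind DN    : cn=admin,o=esteve
        Base       : ou=info,ou=intranet,o=esteve
        Group Filter: (None)
        User Filter: (None)
        Servers    : configured 1 servers
                172.20.0.181(636)
        Last Action Time: 50 secs ago(took 3 secs)
        Next Action Time: In 10 secs
        Last LDAP error: Can't contact LDAP server
        Number of Groups: 0
"""

@dataclass
class GroupMappingState:
    name: str
    vsys: str
    servers: List[str] = field(default_factory=list)   # "host:port"
    last_error: Optional[str] = None
    group_count: int = 0

    def healthy(self) -> bool:
        # Healthy means the last poll reported no LDAP error and read at least one group.
        return self.last_error is None and self.group_count > 0

def parse_group_mapping_state(text: str) -> List[GroupMappingState]:
    """Parse every 'Group Mapping(...)' block (layout assumed from the sample above)."""
    states: List[GroupMappingState] = []
    current: Optional[GroupMappingState] = None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"Group Mapping\((\w+), type: [^)]+\):\s*(\S+)", line)
        if header:
            current = GroupMappingState(name=header.group(2), vsys=header.group(1))
            states.append(current)
            continue
        if current is None:
            continue
        server = re.fullmatch(r"([\w.\-]+)\((\d+)\)", line)   # e.g. 172.20.0.181(636)
        if server:
            current.servers.append(f"{server.group(1)}:{server.group(2)}")
        elif line.startswith("Last LDAP error:"):
            err = line.split(":", 1)[1].strip()
            current.last_error = None if err in ("", "(None)", "None") else err
        elif line.startswith("Number of Groups:"):
            current.group_count = int(line.split(":", 1)[1])
    return states
```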