VPN CLIENT GLOBAL PROTECT, MANAGED WITH LDAP GROUPS

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

VPN CLIENT GLOBAL PROTECT, MANAGED WITH LDAP GROUPS

L1 Bithead

Hello, I have a problem.

I just inherited a palo alto firewall.

I noticed that given a specific certificate and given the global protect client, every user of the ldap server can connect to the vpn.

I would like that only users in specific ldap groups could enter.

Let's say the groups come from active directory.

"domain"\user_group_allowed

"domain"\user_group_allowed_limited

how can I do that?

right now everyone on "domain" can open a vpn tunnel.

Could it be that what I'm looking for is under:

Device > Authentication Profile > Advanced > Allow list 

and that I should Add the ldap groups there instead of "All" ?

Kindest Regards

15 REPLIES 15

That was it for me also.  @Mick_Ball thank you for walking me through the tshooting steps.

  • 21960 Views
  • 15 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!