03-18-2022 01:46 AM
Hello there,
Yesterday our certificates used for GlobalProtect expired. I renewed them like last time and then - we lost the ability to connect to our institution from endpoints. Nothing else was changed.
Error seen on endpoint:
Now nobody can connect via GlobalProtect using AD credentials.
Currently our settings in Agent config look like:
When I set user settings to "Any", GlobalProtect starts to work again, but we cannot have this set to "Any" because we must have control over who is actually able to connect to the company.
I have no idea what I can do to make this work again.
03-18-2022 04:15 AM
Hi @Damiano
May I know which authentication method you are using, such as LDAP, SAML, RADIUS or any other method?
Can you check how the firewall is creating the IP-to-User mapping while the 'user/user group' is set to 'Any'? Run the following command after a user is connected: 'show user ip-user-mapping all type GP'
The way you have added the user is called 'sAMAccountName'. However, the mapping can also be learned in different ways, such as UPN format (username@domain.com) or simply just the username.
If the mapping is learned in a different format, we can try checking the document below.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000boHMCAY
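The format check suggested in the reply above, as an added example that is not part of the original thread or of any Palo Alto Networks tooling: it compares the usernames typed into the agent config with the usernames the firewall reports in its mapping and flags entries that exist only in a different notation. The sample names, the `corp` domain and the whole-string matching rule are assumptions of this example.

```python
import re

NAME = r"[^\\@\s]+"  # one run of characters without backslash, '@' or whitespace

def classify(name):
    """Return the notation a username string is written in (labels are this example's own)."""
    if re.fullmatch(NAME + r"\\" + NAME, name):
        return "domain\\user"
    if re.fullmatch(NAME + "@" + NAME, name):
        return "UPN"
    if re.fullmatch(NAME, name):
        return "plain"
    return "unknown"

def account_part(name):
    """Lower-cased account portion, used only to pair up the same person across notations.
    Caveat: in AD the UPN prefix and the sAMAccountName can differ, so a pairing is a hint."""
    kind = classify(name)
    if kind == "domain\\user":
        return name.split("\\", 1)[1].lower()
    if kind == "UPN":
        return name.split("@", 1)[0].lower()
    return name.lower()

def audit(configured, learned):
    """Return (entry, status, learned_name) for every configured entry.
    Assumption of this example: an entry matches only a mapping that is the same
    whole string (compared case-insensitively), i.e. written in the same notation."""
    learned_lc = {u.lower() for u in learned}
    findings = []
    for entry in configured:
        if entry.lower() in learned_lc:
            findings.append((entry, "match", entry))
            continue
        twins = [u for u in learned if account_part(u) == account_part(entry)]
        findings.append((entry, "format-mismatch", twins[0]) if twins
                        else (entry, "not-seen", None))
    return findings

# Constructed sample data: entries as typed into the agent config, and usernames
# as reported by the mapping command while the config is set to "Any".
CONFIGURED = ["corp\\jdoe", "corp\\asmith", "corp\\bnowak"]
LEARNED = ["jdoe@corp.example.com", "corp\\asmith"]

if __name__ == "__main__":
    for entry, status, seen in audit(CONFIGURED, LEARNED):
        print(f"{entry:14} {status:16} {seen or '-'} ({classify(seen) if seen else 'n/a'})")
```

A `format-mismatch` row is the case the reply describes: the user authenticates, but the name the firewall learned is written differently from the entry in the allow list.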