Problem with GlobalProtect after certificate renew

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Problem with GlobalProtect after certificate renew

L0 Member

Hello there,

Yesterday our certificates used for GlobalProtect expired. I reneved them like last time and then - we lost possibility to connect to our institution from endpoints. Nothing more were changed.

 

1.jpg

 

Error seen on endpoint:

 

3.png

 

Now nobody can connect via GlobalProtect using AD credentials. 

Currently our settings in Agent config looks like:

 

2.jpg

When I set user settings to "Any" GlobalProtect starts to work again, but we cannot have this set to "Any" cos we must have control who have possibility to connect to company actually.

 

I have no idea what can I do to make this work again.

 

 

 

1 REPLY 1

L2 Linker

Hi @Damiano 
May I know what is the Authentication which you are using like LDAP, SAML, Radius or any other method?
Can you check how is the firewall creating the IP-to-User mapping while having the 'user/user group' set as 'Any'? ---->run the following command after user is connected 'show user ip-user-mapping all type GP'
The way you have added the user is called as 'sAMAccountName'. However, the mapping can be also learned in different ways such as UPN format (udername@domain.com) or simply just the username.
If the mapping is learned in a different format we can try checking the below document.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000boHMCAY

  • 1853 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!