03-22-2018 11:37 AM
Hi all. I am trying to set up an ADFS environment in our network. The actual ADFS server is located in the internal LAN, and the ADFS Web Application Proxy resides in the DMZ; the internal LAN and the DMZ are in different VLANs.
The goal is to send user authentications (originating from the Internet) to the ADFS Web Application Proxy, and from there it communicates with the ADFS server in the internal LAN over port 443.
I've created the NAT rule in the PA firewall and pointed it to the ADFS WAP server.
I also created the security policies to allow port 443 communication between the ADFS WAP and the ADFS server.
However, this is where I am having the problem.
The ADFS WAP and the ADFS server fail to communicate with each other over port 443. The odd thing is that this setup worked fine initially, and then suddenly stopped working.
These are the 3 security policies that I've created:
Rule #1
Source = L3-Untrust
User = Any
Destination Zone = L3-DMZ
Destination Address = public IP
Application = ssl
Service = application-default
Action = allow
Rule #2
Source = L3-Trust
User = Any
Destination Zone = L3-DMZ
Destination Address = public IP
Application = ssl, ms-rdp, web-browsing
Service = application-default
Action = Allow
Rule #3
Source = L3-DMZ
Source Address = private IP of the server, also the public IP for the server
User = Any
Destination Zone = L3-Trust
Destination Address = IP of the ADFS server
Application = ssl
Service = application-default
Action = allow
Am I missing anything here? Thank you.
Note: I am able to RDP to the ADFS WAP server from the internal network.
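As an added worked example (not part of the original post, and not vendor code), the script below models the three rules above as a first-match policy table, the way PAN-OS evaluates security policy: post-NAT zones, pre-NAT addresses, the first matching rule decides, and anything that matches nothing falls to the implicit interzone deny. The zone names, address roles and App-IDs come from the post; the IP addresses are constructed placeholders. It checks the three flows the post cares about (Internet to the WAP, internal RDP to the WAP, WAP to the ADFS server) and, as a constructed fourth case, what happens if the WAP-to-ADFS session is identified as an application other than ssl, since Rule #3 permits only that one App-ID.

```python
# Added example: first-match security-policy evaluator for the three rules
# in the post.  Addresses below are constructed placeholders, not real hosts.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed sample addresses (placeholders)
PUBLIC_IP = "203.0.113.10"      # NAT'd public address that fronts the WAP
WAP_PRIVATE_IP = "10.2.0.10"    # WAP in the DMZ VLAN
ADFS_IP = "10.1.0.20"           # ADFS server in the internal LAN
INTERNET_CLIENT = "198.51.100.5"
LAN_ADMIN = "10.1.0.50"


@dataclass
class Rule:
    name: str
    src_zones: set
    dst_zones: set
    apps: set
    src_addrs: set = field(default_factory=lambda: {"any"})
    dst_addrs: set = field(default_factory=lambda: {"any"})
    action: str = "allow"


def _addr_match(addrs, ip):
    # "any" matches everything; otherwise the IP must fall inside one object
    return "any" in addrs or any(ip_address(ip) in ip_network(a) for a in addrs)


def matches(rule, flow):
    # PAN-OS matches on post-NAT zones and pre-NAT addresses, plus the App-ID
    return (flow["src_zone"] in rule.src_zones
            and flow["dst_zone"] in rule.dst_zones
            and _addr_match(rule.src_addrs, flow["src_ip"])
            and _addr_match(rule.dst_addrs, flow["dst_ip"])
            and flow["app"] in rule.apps)


def evaluate(rules, flow):
    """Return (rule name, action) of the first match; otherwise the implicit deny."""
    for rule in rules:
        if matches(rule, flow):
            return rule.name, rule.action
    return "interzone-default", "deny"


# The three rules exactly as listed in the post
RULES = [
    Rule("Rule #1", {"L3-Untrust"}, {"L3-DMZ"}, {"ssl"},
         dst_addrs={PUBLIC_IP}),
    Rule("Rule #2", {"L3-Trust"}, {"L3-DMZ"}, {"ssl", "ms-rdp", "web-browsing"},
         dst_addrs={PUBLIC_IP}),
    Rule("Rule #3", {"L3-DMZ"}, {"L3-Trust"}, {"ssl"},
         src_addrs={WAP_PRIVATE_IP, PUBLIC_IP}, dst_addrs={ADFS_IP}),
]


def flow(src_zone, src_ip, dst_zone, dst_ip, app):
    return {"src_zone": src_zone, "src_ip": src_ip,
            "dst_zone": dst_zone, "dst_ip": dst_ip, "app": app}


# Constructed flows: the three the post describes, plus one hypothetical
# where the WAP->ADFS session is identified as a different App-ID.
FLOWS = {
    "internet_to_wap":       flow("L3-Untrust", INTERNET_CLIENT, "L3-DMZ", PUBLIC_IP, "ssl"),
    "lan_rdp_to_wap":        flow("L3-Trust", LAN_ADMIN, "L3-DMZ", PUBLIC_IP, "ms-rdp"),
    "wap_to_adfs_ssl":       flow("L3-DMZ", WAP_PRIVATE_IP, "L3-Trust", ADFS_IP, "ssl"),
    "wap_to_adfs_other_app": flow("L3-DMZ", WAP_PRIVATE_IP, "L3-Trust", ADFS_IP, "web-browsing"),
}


def check_flows(rules=RULES, flows=FLOWS):
    """Evaluate every sample flow against the rule table."""
    return {name: evaluate(rules, f) for name, f in flows.items()}


if __name__ == "__main__":
    for name, (rule_name, action) in check_flows().items():
        print(f"{name:24s} -> {action:5s} ({rule_name})")
```

Run against the rules as written, the three intended flows each hit the rule meant for them, and the fourth case lands on the interzone default deny. That is the check a practitioner would make with the real traffic log: confirm which rule the WAP-to-ADFS sessions actually match and which application the firewall assigns them, because a session that is not identified as ssl does not match Rule #3 even though the zones and addresses are right.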