This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About JorgeOrtega

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
JorgeOrtega
‎05-29-2023
since ‎10-20-2021
L1 Bithead
User Activity
User Profile
Latest posts by JorgeOrtega
View All
User Badges
Community Statistics
Member Since ‎10-20-2021 10:51 AM
Date Last Visited ‎05-29-2023 10:30 AM
Posts 10
Total Likes Received 3

CLI Location command not showing the location of the IP address

by in General Topics
‎04-20-2022 02:42 PM
‎04-20-2022 02:42 PM
Today I found that Application and Thread ID 8559-7361 is incorrectly categorizing US IP address as if they were from China and therefore blocking all the traffic to these destinations. The only way to fix the issue was to revert back to version 8558-7356 from 4/18/22.   While doing the test below I could see exactly the problem:   What is the reason for such behavior? Additionally, if I run the same command from another firewall I don't get any location as you can see below: Any ideas why is this happening?   Thanks in advance.   Best regards,   Jorge. ... View more

Re: Import of SSL-TLS-cert failed. Mismatched public and private keys.

by in General Topics
‎02-07-2022 05:49 AM
1 Kudo
‎02-07-2022 05:49 AM
1 Kudo
Thanks Tom. I think this also could match a bug but the fact that I could do it on mine tells me that it might be a process error. I will follow what I did on my firewall and if that doesn't work then I will know it is a bug.   Thanks.   Jorge. ... View more

Re: Import of SSL-TLS-cert failed. Mismatched public and private keys.

by in General Topics
‎02-07-2022 05:46 AM
‎02-07-2022 05:46 AM
BPry you got it right. I tried in another firewall and after several testing I could import it using the same name. I couldn't find anything related about this "must match" name in the regular Palo documentation but in one from a CA.   Thank you so much.   Jorge.  ... View more

Re: Import of SSL-TLS-cert failed. Mismatched public and private keys.

by in General Topics
‎02-06-2022 08:59 AM
‎02-06-2022 08:59 AM
Did you have exactly the same error about "Import of certificates failed. Mismatched public and private keys". ... View more

Import of SSL-TLS-cert failed. Mismatched public and private keys.

by in General Topics
‎02-06-2022 07:57 AM
‎02-06-2022 07:57 AM
We are adding a new Web Server certificate for portal validation in our brand new firewall.  We created the CSR in the Firewall and exported it to sign it with GoDaddy CA.  Once we download the bundle from GoDaddy we extracted the root, intermediate, and server certificate in Base64 format. We can import the root and intermediate without any problems and we can see Root \_ Intermediate right below the Pending CSR. However when we are trying to import the server certificate we get an error: Import of SSL-TLS-cert failed. Mismatched public and private keys.     SSL-TLS-cert is the name of the file, however we found documentation that indicates to use the name of the CSR file to import this last certificate, and in other use the name of the file that we exported initially.    This last one worked, however the "pending" CSR doesn't go away.  As you can see even when the server certificate was successfully imported to the chain, it is not taking the private key and removing the pending CSR Digi-RSA at the top that contains the private key.   Any ideas on how to properly import a third party CA to the Firewall?   Thanks in advance and have a great day.   Jorge.   ... View more

Re: Global Protect not working with RADIUS NPS and LDAP on the same server.

by in General Topics
‎11-03-2021 04:38 PM
1 Kudo
‎11-03-2021 04:38 PM
1 Kudo
Tom, I want to thank you for your valuable help. This worked like a charm. I had some issues in my setup that I discovered while I was creating the group mapping. I could also understand how these groups works. I created an RADIUS group and left All for the LDAP, so only a specific group that belongs to this group will have 2FA. Thanks again and have a great evening.   Jorge. ... View more

Re: Global Protect not working with RADIUS NPS and LDAP on the same server.

by in General Topics
‎11-03-2021 01:58 PM
1 Kudo
‎11-03-2021 01:58 PM
1 Kudo
I just checked that the only way that I can add groups to the Allow List below is by creating the Group Mapping. (right now both are using All): However still wondering why you select the RADIUS-NPS group shown below along with the LDAP one...   When I only see the option for LDAP under the Server Profile for the same Group Mapping rule?   I have no option to do Group Mapping of my RADIUS_NPS group to be under the NPS Server Profile only under the LDAP Server Profile.   Is this correct?   Regards,   Jorge. ... View more

Re: Global Protect not working with RADIUS NPS and LDAP on the same server.

by in General Topics
‎11-03-2021 12:01 PM
‎11-03-2021 12:01 PM
Hi Tom,    Thanks for the detailed response. I have two groups and I want the RADIUS Authentication Profile to use the RADIUS_NPS group in Active Directory. I also want the LDAP Authentication Profile to use the LDAP group in Active Directory. The Authentication sequence is using RADIUS first and LDAP second and the idea is a user that belongs to the RADIUS group in AD should hit this Authentication Profile first and users that belongs to the LDAP group in AD should bypass the RADIUS and goes to the LDAP instead. Will this work?   When following that link for the group mapping, I can only create one group for LDAP as this is the only Authentication Profile I can select. Now if I do this I can then select it in the Allow List under the Advanced authentication profile under Advanced tab as you mentioned, however when I do the same for the RADIUS authentication profile it only shows the LDAP group. Should I type the name of the group manually? For example: CN=RADIUS_Users,CN=Users,DC=mydomain,DC=com ?   Thanks for the guidance on this matter. ... View more

Global Protect not working with RADIUS NPS and LDAP on the same server.

by in General Topics
‎11-03-2021 09:59 AM
‎11-03-2021 09:59 AM
Hello everyone,   We have a Firewall configured for Authentication for LDAP and RADIUS NPS.   Both works fine when I force the authentication profile using CLI: test authentication authentication-profile LDAP username user password test authentication authentication-profile RADIUS username user password   However, when using Global Protect with an Authentication Sequence, I see the RADIUS Auth Denied in the Event Viewer in Windows and the connection fails in the client, so it doesn't go to the next Authentication Profile.   I also wanted to use Groups. I have 2 in Active Directory (RADIUS_Users and LDAP_Users) but I can only use Group Mapping for the LDAP, so RADIUS has no option to match a specific group. Any workaround for this?   Thanks. ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎05-29-2023 10:30 AM
Likes Given To
Likes From
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks