Hi,

I have implemented a Palo Alto without a Management interface, only an Inside interface/zone and an Outside interface/zone. I configured the service route configuration to use the Inside IP address for updates, DNS... (all service routes). I have also configured the network routing (all the networks that have to be accessed from the Inside IP address).

The problem is with the LDAP connection. When I configure the group mapping, I get an error because the Palo Alto cannot connect to the LDAP server.

My tests:

If I do a ping to the LDAP host, I get: From <management IP> icmp seq=X Destination host unreachable.

But if I do a ping with the Inside IP address as source to the LDAP host, I get a response.

admin@PA-500> show user group-mapping state all

Group Mapping(vsys1, type: e-directory): LDAP_userauth
    Bind DN : cn=admin,o=esteve
    Base : ou=info,ou=intranet,o=esteve
    Group Filter: (None)
    User Filter: (None)
    Servers : configured 1 servers
        172.20.0.181(636)
        Last Action Time: 50 secs ago(took 3 secs)
        Next Action Time: In 10 secs
        Last LDAP error: Can't contact LDAP server
    Number of Groups: 0

Could it be that the LDAP connection is being started on the management interface and the service routing for this service is not working?

Regards,