This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

About SistemasCajamar

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SistemasCajamar
‎03-20-2023
since ‎11-22-2012
L2 Linker
User Activity
User Profile
User Badges
Community Statistics
Member Since ‎11-22-2012 09:07 AM
Date Last Visited ‎03-20-2023 08:27 PM
Posts 17

Re: Adding domain to username for user identification

by in General Topics
‎05-14-2013 09:19 AM
‎05-14-2013 09:19 AM
I've tried with domain but it doesn't work either: domain.int-PCI-RSA {           server {             esc04.domain.int {               port 636;               address 192.168.66.3;             }             esc15.domain.int {               port 636;               address 192.168.66.15;             }             esc16.domain.int {               port 636;               address 192.168.66.16;             }             esc03.domain.int {               port 636;               address 192.168.66.4;             }           }           ldap-type active-directory;           bind-dn F5-APM-AD@domain.int ;           timelimit 30;           bind-timelimit 30;           retry-interval 60;           bind-password  xxxxxxxxxxxxxxxxxxx;           ssl yes;           base dc=domain,dc=int;           domain domain;         } show user ip-user-mapping all | match mbm60380 10.240.1.24     vsys1  UIA     domain\mbm60380                 922            922          10.240.1.1      vsys1  UIA     domain\mbm60380                 2363           2363         10.240.250.1    vsys2  GP      mbm60380                         2591972        2591972  Thanks for your answer ... View more

Adding domain to username for user identification

by in General Topics
‎05-14-2013 08:20 AM
‎05-14-2013 08:20 AM
Hello We are using RSA for user authentication with Global Protect. We need to identify the LDAP group (Windows Active Directory) the user belongs to, but It doesn't work. The reason is that the user we use for authentication doesn't include the domain and the LDAP query  doen't match the right user: cscworks@pa-intx.cajamar.int (active)> show user ip-user-mapping all | match mbm60380 10.240.1.24     vsys1  UIA     domain\mbm60380                 2388           2388         10.240.1.1      vsys1  UIA     domain\mbm60380                 2101           2101         10.240.250.1    vsys2  GP      mbm60380                         2590859        2590859      cscworks@pa-intx.cajamar.int (active)> show user group name domain\group1 short name:  domain\group1 [1     ] domain\aag60368 [2     ] domain\ced61081 [3     ] domain\jas61669 [4     ] domain\mbm60380 [5     ] domain\pmc61693 [6     ] domain\vcm60984 Is there any way to fix this? Can the firewall add the domain to the LDAP query? ... View more
Labels:

GlobalProtect Access-list

by in General Topics
‎04-23-2013 03:56 AM
‎04-23-2013 03:56 AM
obalHello He have several servers behind a Palo Alto Firewall. As they are managed by different admin groups we have access lists that filter the management acceso. So: - Unix_Admin_Network (10.1.1.0) -> has access ssh access to Unix Servers - Windows_Admin_Network (10.2.2.0) -> Has Access RDP access to Windows Servers - Networking_Admin_Group (10.3.3.0) -> Has HTTPS y SSH to routers, load balancers and switches management. We are forced by Security Policy to implement a VPN with RSA Token authentication in order to allow the management access. We have configured it, but as I have used IPSEC witch a common address Pool. How can I filter the access? Now all the groups have management access to al the servers as the connection is made with an IP Address of the same pool. Would it be possible to use LDAP authorization checking which LDAP group each user belongs to? If the VPN is configured without IPSEC and no Address Pool all the connections would me made with the user's orginal IP Address But How can you know if the connection is made with or without VPN connection established? Thank you ... View more
Labels:

Re: Certificate for Secure Web GUI creation

by in General Topics
‎02-25-2013 03:14 AM
‎02-25-2013 03:14 AM
1.- Yes, the private key s included 2 .- There's no error. The GUI does not respond after applying the Commit, though telnet to 443 por is answering. ... View more

Certificate for Secure Web GUI creation

by in General Topics
‎02-22-2013 04:00 AM
‎02-22-2013 04:00 AM
Hello Which attributes shall an external CA certificate have to be accepted as a Secure Web GUI Certificate? I have imported one, but SSL Management doesn't work with it. These are its attributes:    Version: 3 (0x2)         Serial Number:             15:28:3b:46:00:00:00:02:38:da         Signature Algorithm: sha1WithRSAEncryption         Issuer: DC=int, DC=company, CN=company         Validity             Not Before: Feb 20 17:16:16 2013 GMT             Not After : Feb 18 17:16:16 2021 GMT         Subject: C=es, ST=ada, L=ada, O=., OU=Sistemas de Informaci\xC3\xB3n, CN=pa-intx.company.int         Subject Public Key Info:             Public Key Algorithm: rsaEncryption             RSA Public Key: (2048 bit)                 Modulus (2048 bit):                     00:a8:03:53:ba:6c:cf:63:fe:1e:b3:90:47:b1:32:                     00:f6:7b:f3:28:40:10:81:50:b2:6f:ea:97:e4:ec:                     7f:1b:9b:d3:30:d5:e8:fe:3e:d1:6d:ca:04:31:47:                     d3:2c:fe:30:97:54:dd:ee:79:b8:55:d1:74:cc:ef:                     38:7b:80:b9:c0:f5:0c:a4:f5:0c:09:2a:ce:70:3f:                     0e:b9:b8:4b:f7:5d:4f:c6:e4:80:2c:e8:cd:7e:c5:                     ae:25:51:0f:34:81:26:43:82:1f:61:7f:8a:a7:d6:                     e4:fb:88:3a:34:3f:52:93:f7:2d:c6:b4:ca:09:ac:                     6a:1a:d0:f9:bb:4f:92:6b:21:e3:99:a4:26:a1:da:                     8a:dd:71:10:ee:6c:86:b1:3b:b4:b5:3a:27:63:ce:                     0b:0d:5c:ef:80:22:60:cd:0e:56:5d:7b:79:1e:01:                     25:1b:ba:a2:90:27:8f:55:18:a2:ca:c0:9c:a0:b0:                     7f:85:7f:27:ff:4c:d4:39:65:2b:11:d2:b9:fe:aa:                     4f:10:9f:96:73:29:73:28:91:b0:49:19:f2:33:f1:                     77:bc:1b:64:37:ce:18:b9:62:2f:37:b2:4e:91:47:                     9a:3e:8e:de:b3:c3:13:e2:42:80:92:3b:1b:99:5f:                     00:89:56:91:94:bb:0f:86:fd:9a:0d:d2:d8:bb:14:                     d3:99                 Exponent: 65537 (0x10001)         X509v3 extensions:             X509v3 Subject Key Identifier:                 B9:3D:01:81:2B:13:00:A3:B7:7A:59:B1:46:C6:33:9E:34:B0:7D:B4             X509v3 Authority Key Identifier:                 keyid:09:9A:47:A9:5C:87:E0:B3:41:04:3F:55:21:24:06:1C:A0:EC:3C:BC             X509v3 CRL Distribution Points:                 URI:ldap:///CN=company,CN=escullos01,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=company,DC=int?certificateRevocationList?base?objectClass=cRLDistributionPoint                 URI: http://escullos01.company.int/CertEnroll/company.crl             Authority Information Access:                 CA Issuers - URI:ldap:///CN=company,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=company,DC=int?cACertificate?base?objectClass=certificationAuthority                 CA Issuers - URI: http://escullos01.company.int/CertEnroll/escullos01.company.int_company.crt             X509v3 Basic Constraints: critical                 CA:FALSE             X509v3 Key Usage:                 Digital Signature, Key Encipherment             1.3.6.1.4.1.311.21.7:                 0..&+.....7.....<...1...$.......|./..d...<..d...             X509v3 Extended Key Usage:                 TLS Web Client Authentication             1.3.6.1.4.1.311.21.10:                 0.0 These are the ones from de Internal Palo Alto Certificate: [redes@gollum Certificados]$ openssl x509 -in Cert_Interno_Pa_Intx.cer -text -noout Certificate:     Data:         Version: 1 (0x0)         Serial Number:             d9:4d:91:9b:17:e4:0c:4c         Signature Algorithm: sha1WithRSAEncryption         Issuer: C=US, ST=CA, L=Sunnyvale, O=Palo Alto Networks, OU=Support, CN=localhost/emailAddress=support@paloaltonetworks.com         Validity             Not Before: Jul 12 22:18:24 2010 GMT             Not After : Jul 11 22:18:24 2020 GMT         Subject: C=US, ST=CA, L=Sunnyvale, O=Palo Alto Networks, OU=Support, CN=localhost/emailAddress=support@paloaltonetworks.com         Subject Public Key Info:             Public Key Algorithm: rsaEncryption             RSA Public Key: (1024 bit)                 Modulus (1024 bit):                     00:b7:5c:d2:e2:08:9d:de:8f:4f:7f:a5:d5:99:34:                     ed:4a:7e:39:f5:88:1b:19:33:e8:2b:cb:4d:cd:e3:                     62:b8:78:8f:c7:1a:76:23:81:5b:09:7a:90:5a:d4:                     8f:43:07:9e:47:5b:4d:35:13:68:ae:f3:cd:47:5b:                     9b:dc:78:a1:cb:49:cf:27:27:1b:fa:21:50:54:5c:                     94:7a:5f:42:2b:2c:2c:51:7f:6e:9a:de:89:c0:3c:                     29:1d:2c:34:05:a4:68:85:56:42:79:e2:db:31:f1:                     6d:25:84:5b:d1:de:4a:f9:aa:8d:8d:00:e3:9f:b5:                     c3:73:38:1a:f7:a6:91:69:d1                 Exponent: 65537 (0x10001)     Signature Algorithm: sha1WithRSAEncryption         1a:a3:44:23:8b:01:cb:44:fd:68:41:3a:70:67:bf:03:09:40:         19:c7:9d:06:f8:b9:2b:93:b7:91:f3:da:7e:eb:9e:7a:ca:59:         dc:ea:57:35:c1:5b:d4:f6:de:88:06:3a:27:7f:d9:c0:ec:da:         bd:01:b9:95:4e:76:2c:2b:cd:be:d0:bc:fa:85:9c:95:d8:6f:         74:e8:7e:3b:9e:58:b1:4b:9e:45:36:21:cc:35:8a:a0:2b:46:         28:a1:f5:52:c1:f0:cd:cd:07:0e:7d:b4:03:bc:54:e2:26:a6:         5f:ca:3a:88:3e:dc:a7:97:13:9a:24:68:a0:4a:a2:24:27:3d:         0b:df ... View more
Labels:
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎03-20-2023 08:27 PM
Latest Tags
No tags yet
Likes Given To
View All
LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks