This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

About SistemasCajamar

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SistemasCajamar
‎01-16-2026
since ‎11-22-2012
L2 Linker
User Activity
User Profile
Latest posts by SistemasCajamar
View All
User Badges
Community Statistics
Member Since ‎11-22-2012 09:07 AM
Date Last Visited ‎01-16-2026 12:13 AM
Posts 16

Re: Adding domain to username for user identification

by in General Topics
‎05-15-2013 08:25 AM
‎05-15-2013 08:25 AM
I've been able to solve this issue. Y use <username>@domain format in the GlobalProtect Client. Then, I make the domain stripping in the Radius configuration so that the RSA server authenticates just the username without domain Thank you ... View more

GlobalProtect Gateway authentication

by in General Topics
‎05-15-2013 03:04 AM
‎05-15-2013 03:04 AM
Hello I've noticed that the username used witch GlobalProtect Client is truncated when it has a prefix that ends with "\" It thought it could be removing the domain as I started checking witch  domain\username But it tried other stirngs and it happens the same: lalakers\username harrypotter\username skywalkers\username Is it by design? Is it possible to avoid it? Is it some kind of bug? We have 5.0.4 running and the client's version is 1.2.3 ... View more

Re: Adding domain to username for user identification

by in General Topics
‎05-15-2013 12:55 AM
‎05-15-2013 12:55 AM
I've tried another thing: - If I type domain\mbm60380 for GlobalProtect authentication the firewall sends to the Radius Server is mbm60380. It removes the domain. - Nevertheless, if I type mbm60380@domain the firewall does send that user to the Radius. In that case it doesn't remove the suffix. ... View more

Re: Adding domain to username for user identification

by in General Topics
‎05-14-2013 11:47 PM
‎05-14-2013 11:47 PM
Hello I have cleared both caches but the result is the same. I'm using RSA SecurID authentication, through a Cisco Secure ACS 4.2 server. It doesn't support domain stripping. At least the version we have Thanks for you help ... View more

Re: Adding domain to username for user identification

by in General Topics
‎05-14-2013 02:06 PM
‎05-14-2013 02:06 PM
I'm afraid I don't know how to clear the user cache for that IP or the group cache.  I don't know how to reset the ldap server profile connection either. I'm running 5.0.4 version What authentication method are you using? ... View more

Re: Adding domain to username for user identification

by in General Topics
‎05-14-2013 09:19 AM
‎05-14-2013 09:19 AM
I've tried with domain but it doesn't work either: domain.int-PCI-RSA {           server {             esc04.domain.int {               port 636;               address 192.168.66.3;             }             esc15.domain.int {               port 636;               address 192.168.66.15;             }             esc16.domain.int {               port 636;               address 192.168.66.16;             }             esc03.domain.int {               port 636;               address 192.168.66.4;             }           }           ldap-type active-directory;           bind-dn F5-APM-AD@domain.int;           timelimit 30;           bind-timelimit 30;           retry-interval 60;           bind-password  xxxxxxxxxxxxxxxxxxx;           ssl yes;           base dc=domain,dc=int;           domain domain;         } show user ip-user-mapping all | match mbm60380 10.240.1.24     vsys1  UIA     domain\mbm60380                 922            922          10.240.1.1      vsys1  UIA     domain\mbm60380                 2363           2363         10.240.250.1    vsys2  GP      mbm60380                         2591972        2591972  Thanks for your answer ... View more

Adding domain to username for user identification

by in General Topics
‎05-14-2013 08:20 AM
‎05-14-2013 08:20 AM
Hello We are using RSA for user authentication with Global Protect. We need to identify the LDAP group (Windows Active Directory) the user belongs to, but It doesn't work. The reason is that the user we use for authentication doesn't include the domain and the LDAP query  doen't match the right user: cscworks@pa-intx.cajamar.int(active)> show user ip-user-mapping all | match mbm60380 10.240.1.24     vsys1  UIA     domain\mbm60380                 2388           2388         10.240.1.1      vsys1  UIA     domain\mbm60380                 2101           2101         10.240.250.1    vsys2  GP      mbm60380                         2590859        2590859     cscworks@pa-intx.cajamar.int(active)> show user group name domain\group1 short name:  domain\group1 [1     ] domain\aag60368 [2     ] domain\ced61081 [3     ] domain\jas61669 [4     ] domain\mbm60380 [5     ] domain\pmc61693 [6     ] domain\vcm60984 Is there any way to fix this? Can the firewall add the domain to the LDAP query? ... View more
Labels:

Re: Certificate for Secure Web GUI creation

by in General Topics
‎02-25-2013 03:14 AM
‎02-25-2013 03:14 AM
1.- Yes, the private key s included 2 .- There's no error. The GUI does not respond after applying the Commit, though telnet to 443 por is answering. ... View more

Certificate for Secure Web GUI creation

by in General Topics
‎02-22-2013 04:00 AM
‎02-22-2013 04:00 AM
Hello Which attributes shall an external CA certificate have to be accepted as a Secure Web GUI Certificate? I have imported one, but SSL Management doesn't work with it. These are its attributes:    Version: 3 (0x2)         Serial Number:             15:28:3b:46:00:00:00:02:38:da         Signature Algorithm: sha1WithRSAEncryption         Issuer: DC=int, DC=company, CN=company         Validity             Not Before: Feb 20 17:16:16 2013 GMT             Not After : Feb 18 17:16:16 2021 GMT         Subject: C=es, ST=ada, L=ada, O=., OU=Sistemas de Informaci\xC3\xB3n, CN=pa-intx.company.int         Subject Public Key Info:             Public Key Algorithm: rsaEncryption             RSA Public Key: (2048 bit)                 Modulus (2048 bit):                     00:a8:03:53:ba:6c:cf:63:fe:1e:b3:90:47:b1:32:                     00:f6:7b:f3:28:40:10:81:50:b2:6f:ea:97:e4:ec:                     7f:1b:9b:d3:30:d5:e8:fe:3e:d1:6d:ca:04:31:47:                     d3:2c:fe:30:97:54:dd:ee:79:b8:55:d1:74:cc:ef:                     38:7b:80:b9:c0:f5:0c:a4:f5:0c:09:2a:ce:70:3f:                     0e:b9:b8:4b:f7:5d:4f:c6:e4:80:2c:e8:cd:7e:c5:                     ae:25:51:0f:34:81:26:43:82:1f:61:7f:8a:a7:d6:                     e4:fb:88:3a:34:3f:52:93:f7:2d:c6:b4:ca:09:ac:                     6a:1a:d0:f9:bb:4f:92:6b:21:e3:99:a4:26:a1:da:                     8a:dd:71:10:ee:6c:86:b1:3b:b4:b5:3a:27:63:ce:                     0b:0d:5c:ef:80:22:60:cd:0e:56:5d:7b:79:1e:01:                     25:1b:ba:a2:90:27:8f:55:18:a2:ca:c0:9c:a0:b0:                     7f:85:7f:27:ff:4c:d4:39:65:2b:11:d2:b9:fe:aa:                     4f:10:9f:96:73:29:73:28:91:b0:49:19:f2:33:f1:                     77:bc:1b:64:37:ce:18:b9:62:2f:37:b2:4e:91:47:                     9a:3e:8e:de:b3:c3:13:e2:42:80:92:3b:1b:99:5f:                     00:89:56:91:94:bb:0f:86:fd:9a:0d:d2:d8:bb:14:                     d3:99                 Exponent: 65537 (0x10001)         X509v3 extensions:             X509v3 Subject Key Identifier:                 B9:3D:01:81:2B:13:00:A3:B7:7A:59:B1:46:C6:33:9E:34:B0:7D:B4             X509v3 Authority Key Identifier:                 keyid:09:9A:47:A9:5C:87:E0:B3:41:04:3F:55:21:24:06:1C:A0:EC:3C:BC             X509v3 CRL Distribution Points:                 URI:ldap:///CN=company,CN=escullos01,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=company,DC=int?certificateRevocationList?base?objectClass=cRLDistributionPoint                 URI:http://escullos01.company.int/CertEnroll/company.crl             Authority Information Access:                 CA Issuers - URI:ldap:///CN=company,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=company,DC=int?cACertificate?base?objectClass=certificationAuthority                 CA Issuers - URI:http://escullos01.company.int/CertEnroll/escullos01.company.int_company.crt             X509v3 Basic Constraints: critical                 CA:FALSE             X509v3 Key Usage:                 Digital Signature, Key Encipherment             1.3.6.1.4.1.311.21.7:                 0..&+.....7.....<...1...$.......|./..d...<..d...             X509v3 Extended Key Usage:                 TLS Web Client Authentication             1.3.6.1.4.1.311.21.10:                 0.0 These are the ones from de Internal Palo Alto Certificate: [redes@gollum Certificados]$ openssl x509 -in Cert_Interno_Pa_Intx.cer -text -noout Certificate:     Data:         Version: 1 (0x0)         Serial Number:             d9:4d:91:9b:17:e4:0c:4c         Signature Algorithm: sha1WithRSAEncryption         Issuer: C=US, ST=CA, L=Sunnyvale, O=Palo Alto Networks, OU=Support, CN=localhost/emailAddress=support@paloaltonetworks.com         Validity             Not Before: Jul 12 22:18:24 2010 GMT             Not After : Jul 11 22:18:24 2020 GMT         Subject: C=US, ST=CA, L=Sunnyvale, O=Palo Alto Networks, OU=Support, CN=localhost/emailAddress=support@paloaltonetworks.com         Subject Public Key Info:             Public Key Algorithm: rsaEncryption             RSA Public Key: (1024 bit)                 Modulus (1024 bit):                     00:b7:5c:d2:e2:08:9d:de:8f:4f:7f:a5:d5:99:34:                     ed:4a:7e:39:f5:88:1b:19:33:e8:2b:cb:4d:cd:e3:                     62:b8:78:8f:c7:1a:76:23:81:5b:09:7a:90:5a:d4:                     8f:43:07:9e:47:5b:4d:35:13:68:ae:f3:cd:47:5b:                     9b:dc:78:a1:cb:49:cf:27:27:1b:fa:21:50:54:5c:                     94:7a:5f:42:2b:2c:2c:51:7f:6e:9a:de:89:c0:3c:                     29:1d:2c:34:05:a4:68:85:56:42:79:e2:db:31:f1:                     6d:25:84:5b:d1:de:4a:f9:aa:8d:8d:00:e3:9f:b5:                     c3:73:38:1a:f7:a6:91:69:d1                 Exponent: 65537 (0x10001)     Signature Algorithm: sha1WithRSAEncryption         1a:a3:44:23:8b:01:cb:44:fd:68:41:3a:70:67:bf:03:09:40:         19:c7:9d:06:f8:b9:2b:93:b7:91:f3:da:7e:eb:9e:7a:ca:59:         dc:ea:57:35:c1:5b:d4:f6:de:88:06:3a:27:7f:d9:c0:ec:da:         bd:01:b9:95:4e:76:2c:2b:cd:be:d0:bc:fa:85:9c:95:d8:6f:         74:e8:7e:3b:9e:58:b1:4b:9e:45:36:21:cc:35:8a:a0:2b:46:         28:a1:f5:52:c1:f0:cd:cd:07:0e:7d:b4:03:bc:54:e2:26:a6:         5f:ca:3a:88:3e:dc:a7:97:13:9a:24:68:a0:4a:a2:24:27:3d:         0b:df ... View more
Labels:

Re: Certificate Error in Global Protect Portal

by in General Topics
‎02-22-2013 02:09 AM
‎02-22-2013 02:09 AM
Hello I'm trying to use a certificate from our Corporate CA (Windows 2003) with GlobalConnect Gateway and Portal I've loaded the certificate, the private key  and the root certificate. I've marked the root certifcate as Trusted Root CA. I've configured the gateway with the server certificate, but I get this error: What kind of certificate should I issue ? ... View more

Re: External CA Management Certificate

by in General Topics
‎02-22-2013 01:12 AM
‎02-22-2013 01:12 AM
Thank you ... View more

Re: Any idea about 3rd party verisign certificate with GlobalProtect ?

by in General Topics
‎02-22-2013 01:02 AM
‎02-22-2013 01:02 AM
Hello My question is about the type of certificate you have to issue as there are several templates on the Windows CA ... View more

External CA Management Certificate

by in General Topics
‎02-20-2013 11:27 AM
‎02-20-2013 11:27 AM
Hello Is it possible to use an external certificate from our corporate CA for the SSL Management Interface of the firewall? I have already Imported it, and the corporate root certificate, but I don't know how to change the management interface configuration, which is using a certificate issued by the own Palo Alto Firewall (version 4.1.10) Thank you in advance, ... View more
Labels:

Re: Any idea about 3rd party verisign certificate with GlobalProtect ?

by in General Topics
‎02-15-2013 04:50 PM
‎02-15-2013 04:50 PM
Hello How did you generate user certificates from AD? Which template did you use? Did you generate a Gateway Certificate too? Thanks ... View more

GlobalProtect Vsys issue

by in General Topics
‎02-04-2013 05:37 AM
‎02-04-2013 05:37 AM
Hello I want to configure GlobalProtect Remote Access to limit the connection to a Vsys from external administration users to just the ones that uses VPN. I have tried on a PA-200 and works but There's an error when I configure the same settings on PA-5050 with Vsys. The error message I get is: Invalid configuration. Schema verification failed. network -> tunnel -> global-protect-gateway -> Gateway_PCI -> tunnel-interface 'tunnel.1' is not a valid reference I have tried to assign the tunnel Interface to the same Virtual Router as the interfaces that belong to that Vsys. It hasn't worked either when I assign it to a different Virtual Router or None. I've also tried to assign it to different security zones with no success. Is there something special to bear in mind in order to make GlobalProtect work with vsys? ... View more
Labels:
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎01-16-2026 12:13 AM
Latest Tags
No tags yet
Likes Given To
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks