Hi, we have GlobalProtect configured using an LDAP group for authentication in the VPN: "cn=groupvpnusers,ou=_generic_groups,dc=it,dc=xxxx,dc=local"

When we commit this new config using the VPN group in the Auth profile, GP authentication works fine, but 2-3 hours later it starts to fail and we get this error for all users in this group: "failed authentication. Reason: User is not in allowlist".

To solve it we need to configure "all" in the Auth profile in order for it to work again. We don't know why, if we use a group in the Auth profile, the PA works fine for only 2-3 hours. Any timeout mapping? Any refresh?

PanOS is 6.0.12

This is the useridd.log after 2 hours using LDAP groups for VPN auth:

2016-08-03 13:18:18.042 +0200 debug: pan_authd_service_req(pan_authd.c:3316): Authd:Trying to remote authenticate user: paloaltovpntest
2016-08-03 13:18:18.042 +0200 debug: pan_authd_service_auth_req(pan_authd.c:1158): AUTH Request <'vsys1','LDAP_USER_VPN_FR-1-1','paloaltovpntest'>
2016-08-03 13:18:18.045 +0200 panauth:user <it.xxxxxx.local\paloaltovpntest,LDAP_USER_VPN_FR-1-1,vsys1> is not allowed
2016-08-03 13:18:18.045 +0200 debug: pan_authd_process_authresult(pan_authd.c:1353): pan_authd_process_authresult: it.xxxxxx.local\paloaltovpntest authresult not auth'ed
2016-08-03 13:18:18.054 +0200 debug: pan_authd_process_authresult(pan_authd.c:1399): Alarm generation set to: False.
2016-08-03 13:18:18.054 +0200 User 'it.xxxxxx.local\paloaltovpntest' failed authentication. Reason: User is not in allowlist From: 88.3.65.25
2016-08-03 13:18:18.054 +0200 debug: pan_authd_generate_system_log(pan_authd.c:866): CC Enabled=False

This is when it's working (in this case using "all" in the Auth profile, not the LDAP group):

2016-08-03 13:24:56.096 +0200 debug: pan_authd_service_req(pan_authd.c:3316): Authd:Trying to remote authenticate user: paloaltovpntest
2016-08-03 13:24:56.096 +0200 debug: pan_authd_service_auth_req(pan_authd.c:1158): AUTH Request <'vsys1','LDAP_USER_VPN_FR-1-1','paloaltovpntest'>
2016-08-03 13:24:56.098 +0200 debug: pan_authd_common_authenticate(pan_authd.c:1654): Authenticating user using
2016-08-03 13:24:56.125 +0200 debug: pan_authd_authenticate_service(pan_authd.c:629): authentication succeeded (0)
2016-08-03 13:24:56.125 +0200 debug: pan_authd_authenticate_service(pan_authd.c:635): account is valid
2016-08-03 13:24:56.125 +0200 authentication succeeded for user <vsys1,LDAP_USER_VPN_FR-1-1,it.xxxxxx..local\paloaltovpntest>
2016-08-03 13:24:56.125 +0200 debug: pan_authd_process_authresult(pan_authd.c:1353): pan_authd_process_authresult: it.xxxxxxx..local\paloaltovpntest authresult auth'ed
2016-08-03 13:24:56.126 +0200 Request received to unlock vsys1/LDAP_USER_VPN_FR-1-1/it.xxxxxx.local\paloaltovpntest
2016-08-03 13:24:56.131 +0200 User 'it.xxxxxxx.local\paloaltovpntest' authenticated. From: 85..x.x.x
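An added example, not part of the original post: a small triage script that groups authd log lines by AUTH Request, classifies each attempt as an allow-list rejection or a successful authentication, records whether a pan_authd_common_authenticate line was logged for it, and reports users who authenticated and were later rejected by the allow list, with the elapsed time. The function names and the sample log (profile, domain, user, addresses, the 10:45 entry) are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the format of the log lines in the post; the profile
# name, domain, user and addresses are placeholders.
SAMPLE = r"""
2016-08-03 10:45:02.096 +0200 debug: pan_authd_service_auth_req(pan_authd.c:1158): AUTH Request <'vsys1','VPN-PROFILE','alice'>
2016-08-03 10:45:02.098 +0200 debug: pan_authd_common_authenticate(pan_authd.c:1654): Authenticating user using
2016-08-03 10:45:02.131 +0200 User 'example.local\alice' authenticated. From: 192.0.2.10
2016-08-03 13:18:18.042 +0200 debug: pan_authd_service_auth_req(pan_authd.c:1158): AUTH Request <'vsys1','VPN-PROFILE','alice'>
2016-08-03 13:18:18.045 +0200 panauth:user <example.local\alice,VPN-PROFILE,vsys1> is not allowed
2016-08-03 13:18:18.054 +0200 User 'example.local\alice' failed authentication. Reason: User is not in allowlist From: 192.0.2.10
"""

REQ = re.compile(r"AUTH Request <'(?P<vsys>[^']*)','(?P<profile>[^']*)','(?P<user>[^']*)'>")
TS = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ ")

def parse_attempts(text):
    """Group lines under the preceding AUTH Request and classify each attempt."""
    attempts, cur = [], None
    for line in text.splitlines():
        req, ts = REQ.search(line), TS.match(line)
        if req and ts:
            # The UTC offset is ignored: gaps are computed within one log file.
            when = datetime.strptime(ts.group(1), "%Y-%m-%d %H:%M:%S")
            cur = dict(req.groupdict(), ts=when, outcome="unknown", backend_tried=False)
            attempts.append(cur)
        elif cur is None:
            continue
        elif "pan_authd_common_authenticate" in line:
            cur["backend_tried"] = True   # an authenticate line was logged
        elif "Reason: User is not in allowlist" in line:
            cur["outcome"] = "allowlist_reject"
        elif "' authenticated." in line:
            cur["outcome"] = "authenticated"
    return attempts

def allowlist_regressions(attempts):
    """Return ((profile, user), gap) for users who authenticated, then hit the allow list."""
    last_ok, found = {}, []
    for a in attempts:
        key = (a["profile"], a["user"])
        if a["outcome"] == "authenticated":
            last_ok[key] = a["ts"]
        elif a["outcome"] == "allowlist_reject" and key in last_ok:
            found.append((key, a["ts"] - last_ok.pop(key)))
    return found

if __name__ == "__main__":
    for (profile, user), gap in allowlist_regressions(parse_attempts(SAMPLE)):
        print(f"{user} via {profile}: allow-list rejection {gap} after last success")
```

Run over a full log, the gaps it reports can be compared against the time of the last commit to see whether the rejections begin at a consistent interval.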