About RPerez11

I have my PA-200 on virtual wire mode with Captive Portal using SSL Decrypt for all users with Self Signed Certificate. When the users try to navigate on crhrome browser to internet they receive NET::ERR_CERT_COMMON_NAME_INVALID that doesn't permit to bypass for go to untrust site. When i manually enter a site that support http or another certificate method, is possible to navigate to the the unsafe site and Captive Portal works very well (Also I have Decryption profile and it also works)   I read that it is common issue on Google, So I manually put a Subject Alternate name on attributes (host, ip, alt-email) to the Certificate, after export to the PC user like a root trust certificate but it doesn't works    On my case, all trust users takes DHCP IPs of the Router above the FW so default gateway is the router IP (virtual wire doesn't provide a FW IP) . I manually generate a certificate with the router IP but still doesn't works 😞   Any Idea or suggestion?   ... View more

Hi Folks. aAnyone know if the integration to external GP users to LDAP and Radius integrtion works in the same process? I probe the integration between Palo Alto - Google Authenticator trough RADIUS and it works perfectly. But now I need to integrate the same with LDAP in the entire authentication process. So customer wants:   GP user opens and authenticate - User Mapping with LDAP Profile - Sends to user the authcode - login with the token   I can't fin the configuration process. Can you help me? ... View more