This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Grekko
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Grekko
06-17-2021
3Posts
0Likes
1Solution
Jun 17, 2021Last Visited
User
Activity
User
Profile
Latest posts by Grekko
| Subject | Views | Posted |
|---|---|---|
| 3775 | 06-17-2021 08:01 AM | |
| 3799 | 06-15-2021 12:39 PM | |
| 3878 | 06-13-2021 05:20 AM |
User Badges
Community Statistics
| Member Since | 03-14-2021 07:55 PM |
| Date Last Visited | 06-17-2021 08:02 AM |
| Posts | 3 |
06-17-2021
08:01 AM
I fixed this by pointing the service route for the user-id agent and ldap to the internal/trusted interface instead of the management interface. The server is connected now and is working. Thanks
... View more
06-15-2021
12:39 PM
Thanks for your assistance with this. I am using userID agentless I can ssh to the PA and ping the AD server 10.x.x.x using: ping source <192.x.x.x – management IP> host 10.x.x.x – AD server IP> ping source <10.x.x.x – management internal/trust IP> host 10.x.x.x – AD server IP> The server can also ping the PA Check the box to ensure it parses through all rules until first allow rule. This way you should be able to see which zones the traffic is traversing (ensuring we aren't moving down the tunnel). I suspect the solution lies in here. Any easier way to do this test from the GUI? My experience is not great and I am not using Panorama like the documentation describes. Any specific “Allow” rule I need to apply to explicitly allow access either to the AD server or to the userID agentless account?
... View more
06-13-2021
05:20 AM
I am trying to integrate PA firewall with newly installed Active Directory server (windows server 2019) but it is not connecting. I get the error Failed to connect to 10.x.x.x(10.x.x.x):389 and the server monitoring status says host unreachable. The group mapping, group include list does not populate as the firewall has not made connection yet. Multiple hosts can ping the server successfully, so it is reachable. I have reinstalled and reconfigured the AD server and also tried with a new server 2016 but get the same error. I have used this configuration before with server 2019 and it connected without any issues. However, this time I do have IPSec and Globalprotect tunnels running and a few other security policies and all of that is working fine. I have checked everything but can’t find what could be wrong. Is a security policy/rule required for the user-id agent? The user ID I created is a member of Event Log Readers, Distributed COM Users and Server Operators. There is already traffic to and from the AD server before trying to setup AD. Any help is appreciated.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-17-2021
08:02 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks