Hi Friends,
We have configured Duo MFA for GlobalProtect users.
We have configured all the requirements for Duo using the link below.
https://duo.com/docs/paloalto
But still the MFA is not working.
I have some logs related to this but
Can you please help me find where we are missing something or making a mistake?
Logs:
2023-06-12 13:32:04.800 -0700 debug: _authenticate_initial(pan_auth_state_engine.c:2459): Trying to authenticate (init auth): <profile: "DUO-Authentication-Profile", vsys: "vsys1", policy: "", username "rajeev"> ; timeout setting: 25 secs ; authd id: 7243124266353295669
2023-06-12 13:32:04.800 -0700 debug: _get_auth_prof_detail(pan_auth_util.c:1112): non-admin user thru Global Protect "rajeev" ; auth profile "DUO-Authentication-Profile" ; vsys "vsys1"
2023-06-12 13:32:04.800 -0700 debug: _get_authseq_profile(pan_auth_util.c:893): Auth profile/vsys (DUO-Authentication-Profile/vsys1) is NOT auth sequence
2023-06-12 13:32:04.800 -0700 debug: _retrieve_svr_ids(pan_auth_service.c:645): could not find auth server id vector for DUO-Authentication-Profile-vsys1-mfa
2023-06-12 13:32:04.800 -0700 debug: add_info_from_auth_profile_to_request(pan_auth_util.c:1068): MFA is not configured for the auth profile. No mfa server ids for the user "" (prof/vsys: DUO-Authentication-Profile/vsys1)
2023-06-12 13:32:04.800 -0700 debug: add_info_from_auth_profile_to_request(pan_auth_util.c:1079): MFA configured, but bypassed for GP user ''. (prof/vsys: DUO-Authentication-Profile/vsys1)
2023-06-12 13:32:04.800 -0700 debug: _authenticate_initial(pan_auth_state_engine.c:2648): Keep original username, i.e., whatever end-user typed, "rajeev" in request->username
2023-06-12 13:32:04.801 -0700 debug: pan_auth_locklist_response_process(pan_auth_state_engine.c:4358): b_postauth_grpcheck=true, delay allow list check
2023-06-12 13:32:04.801 -0700 debug: _authenticate_by_localdb_or_remote_server(pan_auth_state_engine.c:1892): Authenticating user "rajeev" with <profile: "DUO-Authentication-Profile", vsys: "vsys1">
2023-06-12 13:32:04.801 -0700 debug: _retrieve_svr_ids(pan_auth_service.c:648): find auth server id vector for DUO-Authentication-Profile-vsys1
2023-06-12 13:32:04.801 -0700 debug: pan_authd_radius_create_req_payload(pan_authd_radius.c:236): username: rajeev
2023-06-12 13:32:04.801 -0700 debug: pan_make_radius_request_buf(pan_authd_radius_prot.c:396): RADIUS request type: PAP
2023-06-12 13:32:30.407 -0700 debug: auth_svr_timeout_sent_request(pan_auth_svr.c:263): timeout auth request (authd id=7243124266353295669, username=rajeev) since total elapsed sec 26 >= max allowed secs: 25
2023-06-12 13:32:30.407 -0700 debug: pan_auth_response_process(pan_auth_state_engine.c:4554): auth status: auth timed out
2023-06-12 13:32:30.407 -0700 debug: pan_auth_response_process(pan_auth_state_engine.c:4810): Auth FAILED for user "rajeev" thru <"DUO-Authentication-Profile", "vsys1">: remote server 192.168.10.198 of server profile "DUO-Service-Profile" is down, or in retry interval, or request timed out (elapsed time 26 secs, max allowed 25 secs)
2023-06-12 13:32:30.407 -0700 failed authentication for user 'rajeev'. Reason: Authentication request is timed out. auth profile 'DUO-Authentication-Profile', vsys 'vsys1', server profile 'DUO-Service-Profile', server address '192.168.10.198', auth protocol 'PAP', From: 49.14.159.62.
2023-06-12 13:32:30.407 -0700 debug: _log_auth_respone(pan_auth_server.c:311): Sent PAN_AUTH_FAILURE auth response for user 'rajeev' (exp_in_days=0 (-1 never; 0 within a day))(authd_id: 7243124266353295669)
2023-06-12 13:32:47.374 -0700 debug: cfgagent_opcmd_callback(pan_cfgagent.c:520): authd: cfg agent received op command from server
2023-06-12 13:32:47.374 -0700 debug: cfgagent_doop_callback(pan_cfgagent.c:555): received signal to execute for agent: authd
2023-06-12 13:32:47.374 -0700 debug: pan_authd_opcmd_handler(pan_auth_ops.c:1057): Start executing cmd: "show_user_auth_stat_internal"
2023-06-12 13:32:47.375 -0700 debug: pan_authd_show_user_auth_stat_internal(pan_auth_ops.c:997): Got admin user "admin" last successful login time: 06/12/2023 11:18:58 ; number of failed attempts since last successful login: 0
2023-06-12 13:32:47.375 -0700 debug: pan_authd_opcmd_handler(pan_auth_ops.c:1062): Return: "<last-successful-login-time>06/12/2023 11:18:58</last-successful-login-time><failed-attempts-since-last-successful-login>0</failed-attempts-since-last-successful-login>"
2023-06-12 13:32:47.375 -0700 debug: pan_authd_opcmd_handler(pan_auth_ops.c:1063): Finish executing cmd: "show_user_auth_stat_internal"
2023-06-12 13:32:49.841 -0700 debug: cfgagent_opcmd_callback(pan_cfgagent.c:520): authd: cfg agent received op command from server
2023-06-12 13:32:49.841 -0700 debug: cfgagent_doop_callback(pan_cfgagent.c:555): received signal to execute for agent: authd
2023-06-12 13:32:49.841 -0700 debug: pan_authd_opcmd_handler(pan_auth_ops.c:1057): Start executing cmd: "show_user_auth_stat_internal"
2023-06-12 13:32:49.841 -0700 debug: pan_authd_show_user_auth_stat_internal(pan_auth_ops.c:997): Got admin user "admin" last successful login time: 06/12/2023 11:18:58 ; number of failed attempts since last successful login: 0
2023-06-12 13:32:49.841 -0700 debug: pan_authd_opcmd_handler(pan_auth_ops.c:1062): Return: "<last-successful-login-time>06/12/2023 11:18:58</last-successful-login-time><failed-attempts-since-last-successful-login>0</failed-attempts-since-last-successful-login>"
2023-06-12 13:32:49.841 -0700 debug: pan_authd_opcmd_handler(pan_auth_ops.c:1063): Finish executing cmd: "show_user_auth_stat_internal"
Thanks and Regards
Satya Kalyan.