This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About DaneMutters
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About DaneMutters
10-29-2018
3Posts
1Like
0Solutions
Oct 29, 2018Last Visited
User
Activity
User
Profile
Latest posts by DaneMutters
| Subject | Views | Posted |
|---|---|---|
| 3567 | 10-12-2018 09:30 AM | |
| 3772 | 10-11-2018 01:56 PM | |
| 3796 | 10-11-2018 12:49 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 10-12-2018 09:30 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 2 Likes | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 09-10-2018 09:06 AM |
| Date Last Visited | 10-29-2018 12:15 PM |
| Posts | 3 |
| Total Likes Received | 1 |
10-12-2018
09:30 AM
1 Kudo
That did the trick! I added static routes for both tunnels, and now it's working. Thank-you, both!
... View more
10-11-2018
01:56 PM
Thanks for the reply, Otakar.Klier. There aren't any entries from the Management interface (192.169.1.245) to the DC, but there are some from the LAN interface (192.168.1.1) to the DCs (10.250.11.50 and 10.250.12.50). Currently, I have rules allowing all LAN traffic to pass through the tunnel, in both directions. Threat scanning and decryption have not yet been configured, so they shouldn't be blocking anything. I also have rules allowing all traffic from Management to/from the tunnel (temporarily). Curiously, neither of those rules are getting hit; instead, it's hitting the Internet egress rule from LAN to WAN.
... View more
10-11-2018
12:49 PM
Hello. I'm trying to configure UserID via our domain controllers in AWS. The setup: We have an HA PA-820 pair on-prem connected to our domain in AWS via a redundant IPsec tunnel. Traffic is passing between LAN and IPsec zones; on-prem workstations can ping both domain controllers. I have configured an LDAP Server Profile, an Authentication Profile, and User Identification. The problem: When I went to set up an LDAP Server Profile, the "Base DN" dropdown did not auto-populate with our domain name, despite the domain controllers' addresses having been entered into the appropriate field. I've manually entered the Base DN, in hopes that it might work, anyway. However, when I try to test the LDAP configuration, I get this: test authentication authentication-profile domain.org-auth-profile username user@ domain . org password Enter password : Server error : domain . org -auth-profile is invalid authentication-profile.Current target-vsys is none test -> authentication -> authentication-profile is invalid In Device > Setup > Service Route Configuration, I have configured LDAP to go through the LAN interface, to no avail. Configuring it to go through one of the tunnel interfaces also hasn't worked. I have configured a security rule to allow traffic from Management to LAN, but I'm not seeing any hits on that rule in the traffic monitor. What am I missing? Any help you can provide would be very much appreciated.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-29-2018
12:15 PM
|
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks