Thanks for the reply, Otakar.Klier. There aren't any entries from the Management interface (22.214.171.124) to the DC, but there are some from the LAN interface (192.168.1.1) to the DCs (10.250.11.50 and 10.250.12.50). Currently, I have rules allowing all LAN traffic to pass through the tunnel, in both directions. Threat scanning and decryption have not yet been configured, so they shouldn't be blocking anything. I also have rules allowing all traffic from Management to/from the tunnel (temporarily). Curiously, neither of those rules is getting hit; instead, it's hitting the Internet egress rule from LAN to WAN.
Hello. I'm trying to configure UserID via our domain controllers in AWS.

The setup: We have an HA PA-820 pair on-prem connected to our domain in AWS via a redundant IPsec tunnel. Traffic is passing between LAN and IPsec zones; on-prem workstations can ping both domain controllers. I have configured an LDAP Server Profile, an Authentication Profile, and User Identification.

The problem: When I went to set up an LDAP Server Profile, the "Base DN" dropdown did not auto-populate with our domain name, despite the domain controllers' addresses having been entered into the appropriate field. I've manually entered the Base DN, in hopes that it might work, anyway. However, when I try to test the LDAP configuration, I get this:

test authentication authentication-profile domain.org-auth-profile username user@domain.org password
Enter password :
Server error : domain.org-auth-profile is invalid authentication-profile.
Current target-vsys is none
test -> authentication -> authentication-profile is invalid

In Device > Setup > Service Route Configuration, I have configured LDAP to go through the LAN interface, to no avail. Configuring it to go through one of the tunnel interfaces also hasn't worked. I have configured a security rule to allow traffic from Management to LAN, but I'm not seeing any hits on that rule in the traffic monitor. What am I missing? Any help you can provide would be very much appreciated.
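A quick triage script for the symptom in this thread (LDAP traffic to the DCs matching the Internet egress rule rather than the tunnel rules): the firewall picks the destination zone from the routing lookup, so if the DC addresses resolve out the WAN interface, the LAN-to-WAN rule is the one that matches. This is an added example, not code from the thread or from Palo Alto Networks; it uses a simplified, constructed CSV layout rather than the real PAN-OS traffic export, and the zone names (IPsec, WAN) and rule names are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in a simplified layout (not the real PAN-OS traffic-log export).
# Columns: src, dst, dport, from_zone, to_zone, rule, action
SAMPLE_LOG = """\
src,dst,dport,from_zone,to_zone,rule,action
192.168.1.1,10.250.11.50,389,LAN,WAN,Internet-Egress,allow
192.168.1.1,10.250.12.50,636,LAN,WAN,Internet-Egress,allow
192.168.1.10,10.250.11.50,445,LAN,IPsec,LAN-to-Tunnel,allow
192.168.1.1,10.250.11.50,389,LAN,IPsec,LAN-to-Tunnel,allow
"""

DC_ADDRESSES = {"10.250.11.50", "10.250.12.50"}   # DCs named in the thread
LDAP_PORTS = {"389", "636", "3268", "3269"}       # LDAP, LDAPS, global catalog
EXPECTED_TO_ZONE = "IPsec"   # assumption: the zone the tunnel interfaces belong to


def parse_traffic_log(text):
    """Parse the CSV export into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def ldap_flows_to_dcs(rows):
    """Group LDAP flows to a DC by (src, dst, dport) and list the
    (from_zone, to_zone, rule) combinations each flow actually matched."""
    hits = defaultdict(list)
    for r in rows:
        if r["dst"] in DC_ADDRESSES and r["dport"] in LDAP_PORTS:
            key = (r["src"], r["dst"], r["dport"])
            hits[key].append((r["from_zone"], r["to_zone"], r["rule"]))
    return dict(hits)


def misrouted_flows(rows, expected_zone=EXPECTED_TO_ZONE):
    """LDAP flows to a DC whose destination zone is not the tunnel zone:
    the route for the DC resolved to the wrong egress interface, so the
    tunnel rules never had a chance to match."""
    return [
        (r["src"], r["dst"], r["dport"], r["to_zone"], r["rule"])
        for r in rows
        if r["dst"] in DC_ADDRESSES
        and r["dport"] in LDAP_PORTS
        and r["to_zone"] != expected_zone
    ]


if __name__ == "__main__":
    rows = parse_traffic_log(SAMPLE_LOG)
    for flow, matches in ldap_flows_to_dcs(rows).items():
        print(flow, "->", matches)
    print("misrouted:", misrouted_flows(rows))
```

Run it against a real traffic-log export after mapping the columns; any flow reported by misrouted_flows points at a routing or service-route problem rather than a security-policy problem.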