Hello. I'm trying to configure UserID via our domain controllers in AWS.

The setup: We have an HA PA-820 pair on-prem connected to our domain in AWS via a redundant IPsec tunnel. Traffic is passing between LAN and IPsec zones; on-prem workstations can ping both domain controllers. I have configured an LDAP Server Profile, an Authentication Profile, and User Identification.

The problem: When I went to set up an LDAP Server Profile, the "Base DN" dropdown did not auto-populate with our domain name, despite the domain controllers' addresses having been entered into the appropriate field. I've manually entered the Base DN, in hopes that it might work anyway. However, when I try to test the LDAP configuration, I get this:

    test authentication authentication-profile domain.org-auth-profile username user@ domain . org password
    Enter password :
    Server error : domain . org -auth-profile is invalid authentication-profile.Current target-vsys is none
    test -> authentication -> authentication-profile is invalid

In Device > Setup > Service Route Configuration, I have configured LDAP to go through the LAN interface, to no avail. Configuring it to go through one of the tunnel interfaces also hasn't worked. I have configured a security rule to allow traffic from Management to LAN, but I'm not seeing any hits on that rule in the traffic monitor.

What am I missing? Any help you can provide would be very much appreciated.