Mukesh Chanderia

PA LDAP AD AUTHENTICATION

The default port for LDAP is port 389, but LDAPS uses port 636 and establishes TLS/SSL upon connecting with a client.


Step 1: Create Server Profile


Device --> Server Profiles --> LDAP






Step 2:

Go to Device --> User Identification --> Group Mapping Settings




Step 3:

Now go to the Group Include List; the AD tree must expand. If it doesn't, then it's not properly configured.



Step 4: Select the groups from AD whose users must be authenticated.

Say we want only users from the user & Admin groups to be authenticated using AD.



Note: if you aren't able to expand the DC, then there is an issue connecting to the AD server.


Step 5:


Go to Device --> Create Authentication Profile









Step 6:


Device --> User Identification


Here are the default settings.



Click Edit.




Let's enable Server log monitor session & client probing (by default they aren't enabled).









Step 7:


Now go to the zone in which you want users to be authenticated & enable User Identification.




You may need to enable Source User for Traffic Monitoring to show the user ID.



To see the details of the traffic, click on the magnifier.
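
If the Group Include List in Step 3 will not expand, the following added example (not from the original post) separates "the AD server's port is unreachable" from "port 636 is open but the TLS handshake or certificate check fails". The function names `probe` and `diagnose` and the host `dc01.example.internal` are hypothetical; it assumes you run it from a workstation, so it checks the AD server itself and not the firewall's own path to it.

```python
import socket
import ssl
import sys

LDAP_PORT, LDAPS_PORT = 389, 636  # the two ports named in the article


def probe(host, port, use_tls, timeout=3.0):
    """Return (status, detail); status is "tcp_unreachable", "tls_failed" or "ok"."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Refused, filtered or unresolvable: a routing/ACL/DNS problem, not TLS.
        return "tcp_unreachable", str(exc)
    with sock:
        if not use_tls:
            return "ok", "TCP connect succeeded (no TLS on this port)"
        # The default context verifies the certificate chain and the host name.
        ctx = ssl.create_default_context()
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "ok", tls.version()
        except (ssl.SSLError, OSError) as exc:
            # Port is open but the handshake or certificate check failed.
            return "tls_failed", str(exc)


def diagnose(host, timeout=3.0):
    """Probe LDAP (389, plain TCP) and LDAPS (636, TLS established on connect)."""
    return {
        LDAP_PORT: probe(host, LDAP_PORT, use_tls=False, timeout=timeout),
        LDAPS_PORT: probe(host, LDAPS_PORT, use_tls=True, timeout=timeout),
    }


if __name__ == "__main__":
    # dc01.example.internal is a constructed placeholder; pass your AD server.
    target = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.internal"
    for port, (status, detail) in diagnose(target).items():
        print(f"{target}:{port} -> {status} ({detail})")
```

A `tls_failed` result on 636 with a certificate error in the detail usually means the host running the check does not trust the CA that issued the domain controller's certificate.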



