Palo Alto Firewall LDAP Failover

With the default LDAP server profile settings on a Palo Alto Networks firewall, failover from one LDAP server in the profile to the next may not work as expected: the firewall waits out the full default timeouts on an unresponsive server before moving on. You need to tune the LDAP timers: shorten the time limits so a dead server is abandoned quickly, and set the retry interval so the firewall does not keep going back to it on every authentication. The settings I used are:

Time Limit: 3 (seconds; how long the firewall waits for an LDAP search to complete)
Bind Time Limit: 4 (seconds; how long the firewall waits for the LDAP bind to complete)
Retry Interval: 900 (seconds; how long the firewall waits before retrying a server that failed)

The official doc is found here: https://live.paloaltonetworks.com/docs/DOC-7420
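To make the interaction between the three timers concrete, here is a small Python simulation of the failover behaviour they control. It is an added example, not code from the original post or from Palo Alto Networks: the stub servers, the fake clock and the comparison "default" timers of 30/30/60 seconds are constructed here (check the LDAP server profile in your own PAN-OS version for its actual defaults). A server that never answers the bind costs the bind time limit, a server that binds but hangs on the search costs the time limit, and a server that has failed is skipped until the retry interval has elapsed.

```python
"""Simulation of LDAP server failover driven by three timers: search time limit,
bind time limit and retry interval. Added example with constructed stub servers
and a fake clock; this is not PAN-OS code."""

from dataclasses import dataclass, field


class FakeClock:
    """Deterministic clock so the simulation runs offline and instantly."""

    def __init__(self) -> None:
        self.now = 0.0

    def sleep(self, seconds: float) -> None:
        self.now += seconds


@dataclass
class StubServer:
    """Stand-in for an LDAP server (constructed for the example). mode is one of:
    'ok'          - bind and search both answer immediately
    'hang_bind'   - never answers the bind (costs bind_time_limit)
    'hang_search' - answers the bind but never answers the search (costs time_limit)
    """
    name: str
    mode: str = "ok"


@dataclass
class FailoverClient:
    """Tries the servers in profile order, skipping any that failed within the
    last retry_interval seconds."""
    servers: list
    time_limit: float        # max seconds to wait for an LDAP search
    bind_time_limit: float   # max seconds to wait for the LDAP bind
    retry_interval: float    # seconds a failed server is skipped before retry
    clock: FakeClock
    down_since: dict = field(default_factory=dict)  # server name -> time it failed

    def _skipped(self, server: StubServer) -> bool:
        failed_at = self.down_since.get(server.name)
        return failed_at is not None and self.clock.now - failed_at < self.retry_interval

    def _mark_down(self, server: StubServer) -> None:
        self.down_since[server.name] = self.clock.now

    def authenticate(self):
        """Bind, then search. Returns (server name, seconds spent) or raises."""
        start = self.clock.now
        for server in self.servers:
            if self._skipped(server):
                continue
            if server.mode == "hang_bind":
                self.clock.sleep(self.bind_time_limit)   # bind times out
                self._mark_down(server)
                continue
            if server.mode == "hang_search":
                self.clock.sleep(self.time_limit)        # bind ok, search times out
                self._mark_down(server)
                continue
            self.down_since.pop(server.name, None)       # server is healthy again
            return server.name, self.clock.now - start
        raise RuntimeError("no LDAP server answered (all failed or within retry interval)")


def simulate(time_limit, bind_time_limit, retry_interval, modes=("hang_bind", "ok")):
    """Three logins against a profile whose primary is dead: the first pays the
    timeout, the second skips the primary, the third (after retry_interval) pays again."""
    clock = FakeClock()
    servers = [StubServer(f"ldap{i + 1}", mode) for i, mode in enumerate(modes)]
    client = FailoverClient(servers, time_limit, bind_time_limit, retry_interval, clock)
    first = client.authenticate()
    second = client.authenticate()
    clock.sleep(retry_interval)
    third = client.authenticate()
    return first, second, third


if __name__ == "__main__":
    # Assumed 30/30/60 s "defaults" versus the 3/4/900 s values from the post.
    for label, timers in (("defaults", (30, 30, 60)), ("tuned", (3, 4, 900))):
        print(label, simulate(*timers))
```

With the assumed defaults, every login that lands on a retry-interval boundary stalls for the full 30 seconds on the dead primary before the secondary answers, which is long enough for most clients to give up on the authentication. With short time limits the first failed login costs only a few seconds, and the long retry interval keeps the firewall on the secondary instead of re-testing the dead primary every minute.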
