28 Aug

How to obtain the Base DN or Bind DN Attributes from Active Directory

Basics of Active Directory
In LDAP syntax, the Bind DN is the distinguished name of the user authenticating to the LDAP directory. It is derived by starting at the user component and going up the tree.

For example, the user user1 is contained in the Users container, under the example.com domain. The corresponding Bind DN will look like the following:

CN=user1,CN=Users,DC=example,DC=com

This will be discussed in more detail in the following steps.

In the following example, the domain example.com is used to find the Distinguished Name (Bind DN field for the Symantec Encryption Management Server) for user1. After obtaining the correct Distinguished Name, Softerra can be utilized to find users, attributes, and values. The query is detailed below and can be used with Active Directory 2003 and above.

Type the following command and press Enter:

dsquery user dc=example,dc=com -name username-here*

If your user has a long name, the * will do a wildcard match for that user. For the example below, we’ll use a username of “user1”.

Or, with the exact name:

dsquery user dc=example,dc=com -name user1

These commands will return the correct Bind DN:
"CN=user1,CN=Users,DC=example,DC=com"

Live example:
dsquery user dc=advanxer,dc=com -name palo*
"CN=Palo Alto User ID,OU=Service Accounts,OU=Users,DC=Advanxer,DC=com"
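
The DN returned by dsquery also contains the Base DN: it is the trailing run of DC= components. The Python helper below is an added example, not part of the original post; it splits a dsquery result into its components without breaking on escaped commas and derives the Base DN and DNS domain. The function names are hypothetical and the "Doe\, Jane" DN is a constructed sample.

```python
from __future__ import annotations


def split_dn(dn: str) -> list[str]:
    """Split a DN into its components on commas that are not backslash-escaped."""
    dn = dn.strip().strip('"\u201c\u201d')  # dsquery wraps each result in quotes
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:                 # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":             # unescaped comma ends a component
            parts.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    parts.append("".join(current).strip())
    return [p for p in parts if p]


def base_dn(dn: str) -> str:
    """Return the Base DN: the trailing run of DC= components of a DN."""
    dcs = []
    for rdn in reversed(split_dn(dn)):
        if not rdn.upper().startswith("DC="):
            break
        dcs.append(rdn)
    if not dcs:
        raise ValueError(f"no DC= components in {dn!r}")
    return ",".join(reversed(dcs))


def dns_domain(dn: str) -> str:
    """Turn the DC= components into the DNS domain name, e.g. example.com."""
    return ".".join(rdn.split("=", 1)[1] for rdn in split_dn(base_dn(dn)))


if __name__ == "__main__":
    samples = [
        '"CN=user1,CN=Users,DC=example,DC=com"',        # from the post
        '"CN=Palo Alto User ID,OU=Service Accounts,OU=Users,DC=Advanxer,DC=com"',
        '"CN=Doe\\, Jane,OU=Staff,DC=example,DC=com"',  # constructed sample
    ]
    for s in samples:
        print(split_dn(s)[0], "|", base_dn(s), "|", dns_domain(s))
```

A plain split on "," would cut the constructed third sample in the middle of the user's name, which is why the splitter tracks backslash escapes.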

26 Aug

Palo Alto: Create application override

Situation:
You have an HTTP service running on a non-standard port and Palo Alto is blocking it.

Steps:
1. Define new application
2. Apply policy

Define new application
1. Go to Objects→Applications→Add
2. In the Application window, fill in the necessary information as per the example below.

Apply policy
1. Go to Policies→Application Override→Add
2. Create a new policy, select the custom application, and set it to allow

26 Aug

Palo Alto: How to migrate configuration to another unit

Situation:
1. You need to do a hardware swap (POC unit to actual unit)
2. You don’t have Panorama, and you need to do a hardware swap due to an RMA

Steps:
1. Ensure components are in the same version
2. Export and Import config
3. Commit configuration

Ensure components are in the same version
1. Make sure all components (PAN-OS, PAN-DB, Threat Prevention, WildFire, GlobalProtect) are on the same version, and the licenses too.
   1. To do a PAN-OS software update, navigate to Device→Software
   2. To do a components update, navigate to Device→Dynamic Updates
   3. To do a PAN-DB update, navigate to Device→Licenses→PAN-DB URL Filtering

Export and Import config
1. From the old unit, navigate to Device→Setup→Operations

2. Click “Save named configuration snapshot” and give it a name. Example: ABC123.xml

3. Click “Export named configuration snapshot” and select ABC123.xml.

4. From the new unit, navigate to Device→Setup→Operations
5. Click “Import named configuration snapshot” and select ABC123.xml (config file from old unit)
6. Once imported, click “Load named configuration snapshot” and select ABC123.xml

Commit configuration
1. When you click Commit, the firewall will start applying the configuration, meaning there’s a possibility that the IP address will be duplicated on the network.
2. Normally I only connect the Management port on the new unit, and leave the other interfaces unplugged.
3. Click Commit, and immediately unplug the Management interface on the old unit. You will no longer have access to the old unit. The new unit will take over the Management IP.
