Tag Archives: Microsoft Active Directory

Joining an Active Directory: A Packet Capture

What happens on the network if you’re joining a Microsoft Active Directory domain? Which protocols are used? As I suspected, it’s a bit more complex than just seeing a single known protocol like HTTPS. ;)

Since a PCAP is worth a thousand words, I captured the process of a Windows PC joining an AD. Let’s have a look at it with Wireshark. And, as always, you’re welcome to download the packet capture to analyse it by yourself.

Continue reading Joining an Active Directory: A Packet Capture

Palo Alto: User Group Count Exceeds Threshold

We have run into an annoying situation: A hardware-dependent limit of user groups on a Palo Alto Next-Generation Firewall. That is: We cannot use more Active Directory groups at our firewalls. The weird thing about this: We don’t need that many synced groups on our Palo, but we have to do it that way since we are using nested groups for our users. That is: Palo Alto does not support nested groups out of the box, but needs all intermediary groups to retrieve the users which results in a big number of unnecessary groups.

I am asking you to give me some input on how you’re using user groups on the Palo. How are you using group filters? What count of AD groups do you have? Are you using nested groups (which is best practice)?

Continue reading Palo Alto: User Group Count Exceeds Threshold

Common Palo Alto Application Groups

There are a few application groups that I am almost always using at the customer’s site. These are groups for Microsoft Active Directory, file transfer, and print. Furthermore, I am using a group for all of the Palo Alto Networks management applications itself, a general management group, and two different groups for VPNs (GlobalProtect and site-to-site). Finally, I tested a group for the AVAYA VoIP systems.

Following are the set commands for these groups so that anyone can easily configure them through the CLI.

Continue reading Common Palo Alto Application Groups