Palo Alto Firewall LDAP Failover

February 09, 2015 | palo alto networks

With the default LDAP settings on a Palo Alto firewall, failing over from one LDAP server to another may not work correctly. You need to tune the LDAP timers and retry interval to lower values. The settings I used are:

Time Limit: 3
Bind Time Limit: 4
Retry Interval: 900
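As an added example (not from the original post), here are the same three values applied to a PAN-OS LDAP server profile from the CLI, alongside the shipped defaults they replace. The profile name LDAP-Corp, the authentication profile AUTH-Corp that references it, the server names and addresses, and the test account are placeholders; the command syntax and the default values are my reading of the PAN-OS configuration schema and documentation, so confirm them against the version you run.

```text
# Enter configuration mode on the firewall
configure

# Hypothetical profile with a primary and a secondary domain controller
set shared server-profile ldap LDAP-Corp ldap-type active-directory
set shared server-profile ldap LDAP-Corp base "DC=example,DC=com"
set shared server-profile ldap LDAP-Corp server dc1 address 10.0.0.11 port 636
set shared server-profile ldap LDAP-Corp server dc2 address 10.0.0.12 port 636
set shared server-profile ldap LDAP-Corp ssl yes

# Shipped defaults, in seconds (assumed; check your release notes):
#   timelimit 30, bind-timelimit 30, retry-interval 60
# With those, an unreachable dc1 can hold each authentication for up to
# 30 s before dc2 is tried, which is often longer than the client waits.
# Values from the post above: fail fast per server, and keep using the
# working server for 15 minutes before re-trying the dead one.
set shared server-profile ldap LDAP-Corp timelimit 3
set shared server-profile ldap LDAP-Corp bind-timelimit 4
set shared server-profile ldap LDAP-Corp retry-interval 900

commit
exit

# From operational mode, confirm a bind succeeds, then repeat the test
# with dc1 blocked to verify dc2 answers within the tuned limits.
test authentication authentication-profile AUTH-Corp username testuser password
```

The `#` lines are annotations for the reader, not PAN-OS CLI syntax; drop them if you paste the commands.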

The official doc is found here: