Palo Alto Firewall LDAP Failover

With the default LDAP settings on a Palo Alto firewall, failing over from one LDAP server to another may not work correctly.  You need to tune the LDAP timers and retry intervals down to a lower level.  The settings I used are:

Time Limit: 3
Bind Time Limit: 4
Retry Interval: 900

The official doc is found here: https://live.paloaltonetworks.com/docs/DOC-7420