Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Palo Alto Networks Firewall Integration
The User-Identification (User-ID) feature of the Palo Alto Networks firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. allows network administrator to configure and enforce firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. policies based on users and user groups. The User-ID identifies the user on the network based on the IP address of the device to which the user is logged in. Additionally, a firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. policy can be applied based on the type of device the user is using to connect to the network. Since the Mobility Conductor maintains the network and user information of clients in the network, it is the best source to provide information for the User-ID feature of the PAN firewall Firewall is a network security system used for preventing unauthorized access to or from a private network..
The procedures in this chapter describe the steps to integrate a Palo Alto Networks firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. with a Mobility Conductor or managed device. , Managed Device Feature Overview.
This feature supports the following interactions with Palo Alto Networks firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. servers running PAN-OS 5.0 or later:
- Sends login events for the client to the PAN firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. with its IP address, username, and device type, when classified.
- Sends logout events for the client to PAN firewalls Firewall is a network security system used for preventing unauthorized access to or from a private network. with its IP address.
The following must be configured on the PAN Firewall Firewall is a network security system used for preventing unauthorized access to or from a private network.:
- An admin account must be created on the PAN firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. to allow the managed device to send data to the PAN firewall Firewall is a network security system used for preventing unauthorized access to or from a private network.. This account must match the account added in the PAN profile on the managed device. The built-in admin account can be used for this purpose, but that is not recommended. It is better to create a new admin account used solely for the purpose of communications between the managed device and PAN firewall Firewall is a network security system used for preventing unauthorized access to or from a private network..
- Pre-configuration of PAN Host Information Profile objects and HIP-profiles on the PAN Firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. to support a device-type based policy.
- To enable these features, the following must be configured on the managed device:
- The system-wide PAN profile must be properly configured and made active on the managed device.
- The parameter in the AAA Authentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. profile to which the client is associated must be enabled.
- For VPN Virtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. clients, enable the parameter in the VPN Virtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. authentication profile to which the client is associated.
PAN Firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. Integration does not support bridge forwarding mode.
