ArubaOS 8.6.0.0 Help Center

Palo Alto Networks Firewall Integration

The User-Identification (User-ID) feature of the Palo Alto Networks firewall allows network administrators to configure and enforce firewall policies based on users and user groups. User-ID identifies the user on the network based on the IP address of the device to which the user is logged in. Additionally, a firewall policy can be applied based on the type of device the user is using to connect to the network. Since the Mobility Master maintains the network and user information of clients in the network, it is the best source to provide information for the User-ID feature of the PAN firewall.

 

The procedures in this chapter describe the steps to integrate a Palo Alto Networks firewall with a Mobility Master or managed device. For additional details on configuring PAN firewall integration, see Managed Device Feature Overview.

This feature supports the following interactions with Palo Alto Networks firewall servers running PAN-OS 5.0 or later:

Send login events for the client to the PAN firewall with its IP address, username, and device type, when classified.

Send logout events for the client to PAN firewalls with its IP address.

The following must be configured on the PAN firewall:

An admin account must be created on the PAN firewall to allow the managed device to send data to the PAN firewall. This account must match the account added in the PAN profile on the managed device. The built-in admin account can be used for this purpose, but that is not recommended. It is better to create a new admin account used solely for the purpose of communications between the managed device and PAN firewall.

Pre-configuration of PAN Host Information Profile objects and HIP-profiles on the PAN firewall to support a device-type based policy.

To enable these features, the following must be configured on the managed device:

The system-wide PAN profile must be properly configured and made active on the managed device.

The pan-integration parameter in the AAA profile to which the client is associated must be enabled.

For VPN clients, enable the pan-integration parameter in the VPN authentication profile to which the client is associated.

For VIA clients, enable the pan-integration parameter in the VIA authentication profile to which the client is associated.

 

PAN firewall integration does not support bridge forwarding mode.
