You are here: CLI_commands > firewall-external-enforcement
Previous TopicNext Topic

firewall-external-enforcement

firewall-external-enforcement pan

disable

enable

ip <address>

port <port>

user <name> <password>

no…

Description

This command configures external firewall details such as Palo Alto Networks (PAN) firewall to enable integration with the IAP.

Syntax

Parameter

Description

Range

 Default
firewall-external-enforcement pan PAN firewall configuration sub-mode.

disable

 Disables PAN firewall.

enable

 Enables PAN firewall.

ip <address>

Configures PAN firewall IP address on the IAP

port <port>

Configures a port for the PAN firewall 1—65535 443

user <name> <password>

 Configures administrator user credentials of PAN firewall on an IAP.

no…

 Removes the specified configuration parameter.

Usage Guidelines

Use this command to enable external firewall integration with n IAP. In Instant 6.3.1.1-4.0 release, IAPs can be integrated with external firewall such as PAN firewall. The PAN firewall is based on user ID, which provides many methods for connecting to sources of identity information and associating them with firewall policy rules. The functionality provided by the PAN firewall based on user ID requires the collection of information from the network. IAP maintains the network (such as mapping IP address) and user information for those clients in the network and provides the required information for the user ID feature on PAN firewall.

To enable IAP integration with PAN firewall, a global profile configured on IAP with PAN firewall information such as IP address, port, user name, password, firewall enabled or disabled status.

Example

The following example configures PAN firewall information on an IAP:

(Instant AP)(config)# firewall-external-enforcement pan

(Instant AP)(firewall-external-enforcement pan)# enable

(Instant AP)(firewall-external-enforcement pan)# ip 192.0.2.11

(Instant AP)(firewall-external-enforcement pan)# port 443

(Instant AP)(firewall-external-enforcement pan)# user admin1 admin1

(Instant AP)(firewall-external-enforcement pan)# end

(Instant AP)# commit apply

Command History

Version

Description
Aruba Instant 6.3.1.1-4.0

This command is introduced.

Command Information

IAP Platform

Command Mode

All platforms

Configuration mode and firewall-external-enforcement sub-mode.