Security

Hi all,

I am in the process of developing a solution for a convention centre client who is looking to replace an aging Nomadix guest system with Clearpass.  We are leaning towards a Palo Alto device for firewall, but I am having a hard time finding a straight answer on whether I can enforce bandwidth contracts properly.

My client wants to provide paid guest access (with hotspot) over wired ports only, with varying levels of service.  Switching network will be HP hardware, but I need to ensure the firewall I choose can enforce the bandwidth contract properly, which I'm assuming will be passed from Clearpass via roles.

Does anyone have any experience with this sort of configuration and can shed some light on it for me?  The best information I've been able to find regarding Clearpass and PA integration was this pdf, but still doesn't provide a clear answer: http://www.arubanetworks.com/assets/pso/PSO_PAN.pdf

Thanks!

Tim

Sounds more like a Palo Alto question.

Check out https://live.paloaltonetworks.com/servlet/JiveServlet/downloadBody/3439-102-2-9377/QoS_in_PAN-OS.pdf for information on QoS and enforcing bandwidth limits.

Yep, and I've been making contact with them too.

Just thought I'd ask the community to see if anyone out there has done it and knows for sure.

Thanks for your reply.

Just figured I'd update this as I have more information now.  Doesn't appear that PA supports the user-role mapping that we'd need to pass in order to enforce the bandwidth limit.  Fortinet does however, so we're moving in that direction now.

This was helpful in my research, if any others are interested:

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/NEW-TechNote-ClearPass-6-5-and-Fortinet-Integration-covering/td-p/230619