Security

Reply
Contributor I
Posts: 25
Registered: ‎03-27-2015

Clearpass Guest over wired with Palo Alto and bandwidth contracts

Hi all,

 

I am in the process of developing a solution for a convention centre client who is looking to replace an aging Nomadix guest system with Clearpass.  We are leaning towards a Palo Alto device for firewall, but I am having a hard time finding a straight answer on whether I can enforce bandwidth contracts properly.

 

My client wants to provide paid guest access (with hotspot) over wired ports only, with varying levels of service.  Switching network will be HP hardware, but I need to ensure the firewall I choose can enforce the bandwidth contract properly, which I'm assuming will be passed from Clearpass via roles.

 

Does anyone have any experience with this sort of configuration and can shed some light on it for me?  The best information I've been able to find regarding Clearpass and PA integration was this pdf, but still doesn't provide a clear answer: http://www.arubanetworks.com/assets/pso/PSO_PAN.pdf

 

Thanks!

Tim

MVP
Posts: 226
Registered: ‎03-03-2011

Re: Clearpass Guest over wired with Palo Alto and bandwidth contracts

Sounds more like a Palo Alto question.

Check out https://live.paloaltonetworks.com/servlet/JiveServlet/downloadBody/3439-102-2-9377/QoS_in_PAN-OS.pdf for information on QoS and enforcing bandwidth limits.

David
ACDX #98 | ACMP | ACCP
Contributor I
Posts: 25
Registered: ‎03-27-2015

Re: Clearpass Guest over wired with Palo Alto and bandwidth contracts

Yep, and I've been making contact with them too.

 

Just thought I'd ask the community to see if anyone out there has done it and knows for sure.

 

Thanks for your reply.

Contributor I
Posts: 25
Registered: ‎03-27-2015

Re: Clearpass Guest over wired with Palo Alto and bandwidth contracts

Just figured I'd update this as I have more information now.  Doesn't appear that PA supports the user-role mapping that we'd need to pass in order to enforce the bandwidth limit.  Fortinet does however, so we're moving in that direction now.

 

This was helpful in my research, if any others are interested:

 

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/NEW-TechNote-ClearPass-6-5-and-Fortinet-Integration-covering/td-p/230619

Search Airheads
Showing results for 
Search instead for 
Did you mean: