Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass/Palo Alto Integration

  • 1.  Clearpass/Palo Alto Integration

    Posted Sep 09, 2015 01:37 PM

    Does the user account used to log into the firewall need to be a domain admin account?  I had this working fine until I removed domain admin rights from the service account used to log into the firewall.



  • 2.  RE: Clearpass/Palo Alto Integration

    EMPLOYEE
    Posted Sep 09, 2015 01:38 PM
    No, you usually use a local admin user on the Palo.


  • 3.  RE: Clearpass/Palo Alto Integration

    Posted Sep 09, 2015 01:44 PM

    I think I know what's going on.  It's a RADIUS auth acct and I have domain admins attached to allow on the backend server.



  • 4.  RE: Clearpass/Palo Alto Integration

    Posted Sep 09, 2015 07:40 PM

    I show in my latest TechNote how to utilize the PAN inbuilt domain RBAC to minimize the account privileges required for this account.

    Can't understand why it would need domain admin rights, unless you have created some differing auth-profile/auth-sequence.... Can you check your auth sequence still checks the Local DB for your user?



  • 5.  RE: Clearpass/Palo Alto Integration

    Posted Sep 10, 2015 09:32 AM

    I have enabled RADIUS auth only into the FW's (admin mgmt into the fw's).  In NPS (Server 2012), you can only add an AD group (as far as I understand).  That group seems to only work if in domain admins.