03-05-2015 11:17 AM
I have my firewall for VPN users set up for 802.1X auth (RADIUS) to ClearPass. I want to set up a second form of validation, for example 802.1X AD auth and machine auth allows access/authorization for VPN user access. Point me in the right direction?
03-05-2015 11:24 AM
Technical Specialist II, Bird Rock Systems, Inc.
03-05-2015 01:01 PM
You don't need any particular licensing for Palo Alto to use ClearPass as a RADIUS server.
You can create a server profile in PA referencing the ClearPass servers and then create VPN / GlobalProtect profiles in PA that utilise this server group. The complex configuration is when you want to pass context data between the two systems for user / posture based firewall rules. This isn't necessary to implement basic VPN functionality.
03-06-2015 09:02 AM
I just want to add that for the basic level of integration between CPP & PANW no special licensing is required.
Follow my PANW/CPPM integration guide that covers the basic userid config and you'll get username/domain/SRC IP@/device-type (generic).
Snr Tech Marketing Engineer - ClearPass
03-06-2015 09:27 AM
Is your VPN client capable of doing machine authentication?
If not, you'll have to use some logic in the Endpoints Repository to mimic this functionality.
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP