Security

Reply
Frequent Contributor I

Palo Alto Networks Integration for UserID Identification

Hi All
I'd like to get some feedback about the scalability to configure ClearPass all the post authentication via enforcement to our PAN firewalls. I have a multiregional PAN and ClearPass Deployment and I want to understand the flows and the impact on the cluster and on the network.

1) Would it be better approach to breakdown the WLAN Services in ClearPass to just send the regional WLAN PAN logs to the regional PAN?
2) Is there a better way to group the enforcement for the regional PAN instead of adding multiple enforcement?
3) Is there a better way to just sent all the logs to Panorama and have all the PAN querying Panorama instead?
4) Are all the logs sent from Publisher to each PAN firewall?
5) Is the Inisight DB being impacted but this setup?
6) What will be the best location for the Insight DB Master? Running Insight on the Publisher or on a separate Subscriber?

In general. I have some concerns about UserID functionality in terms of the amount of data sent from ClearPass to each firewall, network bandwidth and multiple enforcement profiles needed on clearPass so I'm looking for some feedback from people already using it in a multiple region environment with multiple PAN firewalls

Thanks in advanced!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: