Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Palo Alto VPN / Duo /ClearPass Integration

This thread has been viewed 8 times

  • 1.  Palo Alto VPN / Duo /ClearPass Integration

    Posted Jun 14, 2018 08:42 PM

    Hello,

     

    I'm working with a customer who requrested that we integrate ClearPass with both their Palo Alto and Juniper firewalls (which are currently using Duo Cloud as 2FA for VPN users). The idea being that incoming users would be subject to additional checks and and that the integration allow for single pane viewing in access tracker.

     

    In their current setup, Duo is integrated into their Palos using native methods:

     

    Client (Global Protect) -> Palo Alto -> Duo (AD Connector) : Access Accept

     

    I'm wondering if it's possible to re-architect the existing solultion to integrate CP into the process:

     

    Client (Global Protect) -> Palo Alto -> ClearPass -> Duo (AD Connector) : Access Accept

     

    I haven't found much via the way of documentation on this solution and I'm not sure if it's supported without an on-prem Duo proxy but I'd like to assess my options for integration.

     

    Any insight that can be provided would be greatly appreciated!

     

    Thanks in advance!



  • 2.  RE: Palo Alto VPN / Duo /ClearPass Integration
    Best Answer

    EMPLOYEE
    Posted Jun 14, 2018 08:43 PM
    This would require the on-prem Duo RADIUS server.