Security

Reply
Occasional Contributor II

Palo Alto VPN / Duo /ClearPass Integration

Hello,

 

I'm working with a customer who requrested that we integrate ClearPass with both their Palo Alto and Juniper firewalls (which are currently using Duo Cloud as 2FA for VPN users). The idea being that incoming users would be subject to additional checks and and that the integration allow for single pane viewing in access tracker.

 

In their current setup, Duo is integrated into their Palos using native methods:

 

Client (Global Protect) -> Palo Alto -> Duo (AD Connector) : Access Accept

 

I'm wondering if it's possible to re-architect the existing solultion to integrate CP into the process:

 

Client (Global Protect) -> Palo Alto -> ClearPass -> Duo (AD Connector) : Access Accept

 

I haven't found much via the way of documentation on this solution and I'm not sure if it's supported without an on-prem Duo proxy but I'd like to assess my options for integration.

 

Any insight that can be provided would be greatly appreciated!

 

Thanks in advance!

Guru Elite

Re: Palo Alto VPN / Duo /ClearPass Integration

This would require the on-prem Duo RADIUS server.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: