Security

Reply
Moderator
Posts: 456
Registered: ‎11-09-2012

TechNotes Posted to support.arubanetworks.com

Team CPPM,

 

 

We have posted a bunch of TechNotes that I’ve written/published internally over the last 12-months to support.arubanetworks.com for general consumption,http://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Default.aspx?EntryId=7961
 
The List of TechNotes published is:  MDM, PKI-101, Palo-Alto, vMotion, Amigopod-Migration, Service-Routing, DELL iDRAC, OnGuard in a Cluster......
 
I have other in DRAFT/WIP such as SLB + CPPM, CPPM in a Cluster.....I will post back here as I get these released and completed in the coming weeks....

Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: TechNotes Posted to support.arubanetworks.com

Thanks Danny!  Appreciate all the hard work on this!  

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: TechNotes Posted to support.arubanetworks.com

I had no idea there was a tech notes section on the support site. Thanks for bringing this to my attention. Great info out there!
=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Moderator
Posts: 456
Registered: ‎11-09-2012

Re: TechNotes Posted to support.arubanetworks.com

Its actually been here for ages, but we've never posted any material here really, certainly not in past 12-months since I joined. We have all these TechNotes that I've written that are available internally and it was decided we should 'share-the-love' and make them available to our partners/customers.

 

Hope you find some useful material/content in them. I will ensure as I create/update new docs they get posted here going forward.


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Regular Contributor I
Posts: 159
Registered: ‎03-03-2011

Re: TechNotes Posted to support.arubanetworks.com

Thanks for all your work on these Danny! Good stuff. Especially the certificates doc. 

 

One question in regards to your Palo Alto v4 integration. Must the account on the firewall/panorama need to be a SuperUser / Device-Administrator? Can this be locked down further? I have a very large global customer that wants to do this integration but is wary of creating that high level account. Palo Alto account roles can be very granular so if it can be locked down more that would be fantastic. 

Regards,

Josh
___________
ACMP, ACCP
Moderator
Posts: 456
Registered: ‎11-09-2012

Re: TechNotes Posted to support.arubanetworks.com

Josh,

 

I'll need to do some additional testing......give me today to get through todays 'stuff' and I'll find time to get this tested and post back here for you.

 

OK?


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: TechNotes Posted to support.arubanetworks.com

thank you very much indeed, some of these have been mentioned before, good to have them public now.

Regular Contributor I
Posts: 159
Registered: ‎03-03-2011

Re: TechNotes Posted to support.arubanetworks.com

Sounds good. Thanks Danny.
Regards,

Josh
___________
ACMP, ACCP
Moderator
Posts: 456
Registered: ‎11-09-2012

Re: TechNotes Posted to support.arubanetworks.com

[ Edited ]

Josh,

 

Sorted.

 

So basically what I've setup and tested is this.

 

On the PANW Under Device, Admin Roles, add a new role, say cppm-xml. Then click on the role to edit it, it gives you a pop-up windows with three tabs. Web UI, XML API & Command Line. Under Web UI I disabled everything, under XML API I disabled everything except 'User-ID agent'.

 

Then I created a new Administrator, say cppm-admin, provide a password but change the Role from Dynamic to 'Role Based', choose the Admin Profile previously created in the drop down, then obvioulsy use this new admin profile when configuring the context server on CPPM.

 

I've tested this with PAN-OS 6.01, the config under PAN-OS 5.x looks the same but I've NOT tested it.

 

Hope this help you out. I'll add this snippet to my next CPPM/PANW TechNote. :-)

 

 


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Regular Contributor I
Posts: 159
Registered: ‎03-03-2011

Re: TechNotes Posted to support.arubanetworks.com

Thanks Danny. This is exactly the info I needed.
Regards,

Josh
___________
ACMP, ACCP
Search Airheads
Showing results for 
Search instead for 
Did you mean: