Security

Reply
Occasional Contributor I

Re: UPDATED - ClearPass 6.5 and Palo-Alto Networks Integration TechNote V5

Yes, I am seeing an Accounting tab. I have also matched up my session to verify that the IP is under the 'Framed IP Address' field.

Moderator

Re: UPDATED - ClearPass 6.5 and Palo-Alto Networks Integration TechNote V5

Jim,

 

Thanks for confirming that. So, next Q- within AT for an authN session, do you see the on the OUTPUT TAB session-notify for your PANW, something like the below?

ClearPass_Policy_Manager_-_Aruba_Networks.jpg

 

 


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Occasional Contributor I

Re: UPDATED - ClearPass 6.5 and Palo-Alto Networks Integration TechNote V5

I do not see that in the Output. When I attempted to create the 'Trigger' from the document I do not see 'IP-Address-Change-Notification' as an option in enforcement profiles 'Session Restrictions Enforcement' template.Screen Shot 2016-09-15 at 1.55.28 PM.png

Moderator

Re: UPDATED - ClearPass 6.5 and Palo-Alto Networks Integration TechNote V5

Jim,

 R U using the latest version if the technote?

 

V5?

 

ClearPass 6.X and PANW Integration V5

 

 

On page19.... is where you need to be to get this sorted , I think.


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Occasional Contributor I

Re: UPDATED - ClearPass 6.5 and Palo-Alto Networks Integration TechNote V5

Thank you. I am using the latest version of the document, I just don't have the IP-Address-Change-Notification as a drop down item for the step on page 20.

Moderator

Re: UPDATED - ClearPass 6.5 and Palo-Alto Networks Integration TechNote V5

Cool - hopefully, you're on the right track now and will be sorted soon :)

 

Jump back on this thread if you have an issue going forward.


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Occasional Contributor I

Re: UPDATED - ClearPass 6.5 and Palo-Alto Networks Integration TechNote V5

Any idea how to get 'IP-Address-Change-Notification' as an option to choose from?

Moderator

Re: UPDATED - ClearPass 6.5 and Palo-Alto Networks Integration TechNote V5

you don't use that in 6.5 and later, use what's detailed in the technote.....


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
AFK
Contributor II

Re: UPDATED - ClearPass 6.5 and Palo-Alto Networks Integration TechNote V5

We are running two PA firewalls in HA. Do we need to send CPPM updates to both firewalls, or will this be exchanged between the two HA partners?

New Contributor

Re: UPDATED - ClearPass 6.5 and Palo-Alto Networks Integration TechNote V5

I have CPPM 6.5

Two PANs

2050 @ pan6.1xx

3020 @ pan7.1.5

 

I am trying to utilize tags and dynamic address groups to filter on the basic profile fingerprint attributes I see without using GlobalProtect and hip.

 

I am just using my CPPM for guest network access and nothing else so I just need to determine if the user authenticated through the CPPM and nothing more to apply PAN filtering. I actually use another device from Intelligo to manage my secure network using a PAN syslog listener 

 

My cppm is successfully passing domain\username to my two PANs and is being mapped correctly but when I further inspect my ip-user-mapping for a XMLAPI connection I only see the domain\username (email address) the guest user logged in as.

Under groups this user belongs to, it is empty. There is no additional profile info.

 

I've created my device name tags and my address groups on the PANs and have tired using  '_' for spaces and without in the PAN Tag name field.

 

I've followed the directions for 6.5 using pdf v5. Everything looks right.

The fact I'm getting the same results on each of my PANs leads me to believe there is a missing step somewhere.

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: