02-25-2014 10:31 AM
We currently have Palo Alto Firewalls (HA pair) and the rest of our infrastructure is Aruba. (Mobility switches, Airwave,Clearpass,7210 Controller)
Is it possible to use the Palo Alto VPN and have it play nice with Clearpass to give users roles? Or would it be better to use VIA or another Aruba application/appliance to make this happen?
We would like our users to be able to connect back to our office while traveling when RAPs do not make much sense. This means we need to decide which type of VPN approach we want to take. I am sure Palo Alto has the ability to place users in respective VLANs but if I already have the logic setup in Clearpass I'm hoping not to have to do it again.
02-25-2014 10:39 AM
Of course Aruba's VIA will work for your remote users however, I think the question is really centered around Palo Alto.
So, yes, Clearpass will interoperate using RADIUS to any device. However, the policy enforcement is really matched up to what the authenticator supports. If PA support something specific like a VSA, then we can absolutely pass that back.
Consulting Systems Engineer - ACCX, ACDX, ACMX
If you found my post helpful, please give kudos