Controllerless Networks

last person joined: 7 minutes ago 

Aruba Instant Wi-Fi: Meet the controllerless Wi-Fi solution that's easy to set-up, is loaded with security and smarts, and won't break your budget.
Expand all | Collapse all

Instant and Palo Alto Captive Portal

This thread has been viewed 0 times
  • 1.  Instant and Palo Alto Captive Portal

    Posted Jan 24, 2017 08:46 PM

    G'day everyone,

     

    I'm having a few issues with a wireless deployment, basically have a Palo Alto Firewall, Aruba IAP-215's and I've configured multiple SSID's. One of the SSID's uses 802.1x authentication for staff to access using their domain credentials.

     

    Every user that authenticates with 802.1x on that SSID is then further presented the palo alto captive portal page to again sign in with their user credentials.

     

    Now I've been reading a bit about the Network Integration capability with PANOS and the ability to pass user-id to the firewall. Documentation is a bit vague on whether this will resolve my issue as I simply want users to be able to authenticate once and have the credentials passed to the PAN therefore preventing them having to authenticate a second time.

     

    Can anyone please lend some assistance or provide some documentation if this is possible?



  • 2.  RE: Instant and Palo Alto Captive Portal

    Posted Jan 24, 2017 09:41 PM

    Have you already seen this documentation?  http://www.arubanetworks.com/techdocs/ArubaOS_65x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/PAN Firewall Integration/PAN Firewall Integration.htm%3FTocPath%3DArubaOS%2520User%2520Guide%2520Topics%7CPAN%2520Firewall%2520Integration%7C_____0

     

    http://www.arubanetworks.com/pdf/partners/SG_PaloAltoNetworks.pdf

     

     



  • 3.  RE: Instant and Palo Alto Captive Portal

    Posted Jan 24, 2017 11:31 PM

    Hey Colin,

     

    Thanks for your reply. This gives a lot of good info: http://www.arubanetworks.com/pdf/partners/SG_PaloAltoNetworks.pdf

     

    Thanks for that.

     

    I've now got it configured, however I'm seeing some errors in the logs.

     

    Errors below:

     

    Jan 25 13:49:18  awc[3596]: awc_init_connection: 2129: connecting to xxx.xxx.xxx.xxx:443
    Jan 25 13:49:18 awc[3596]: tcp_connect: 167: recv timeout set to 5
    Jan 25 13:49:18 awc[3596]: tcp_connect: 174: send timeout set to 5
    Jan 25 13:49:18 awc[3596]: awc_init_connection: 2170: connected to xxx.xxx.xxx.xxx:443
    Jan 25 13:49:18 awc[3596]: awc_init_connection: 2306: Connected
    Jan 25 13:49:18 awc[3596]: Message over SSL from xxx.xxx.xxx.xxx, SSL_read() returned 640, errstr=Success, Message is "HTTP/1.1 200 OK^M Server: ^M Date: Wed, 25 Jan 2017 04:19:18 GMT^M Content-Type: application/xml; charset=UTF-8^M Content-Length: 123^M Connection: close^M ETag: "2474e-12b-57054661"^M Pragma: no-cache^M Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0^M Access-Control-Allow-Origin: ^M Expires: Thu, 19 Nov 1981 08:52:00 GMT^M X-FRAME-OPTIONS: SAMEORIGIN^M Status : 403 Type [user-id] not authorized for user role.^M Set-Cookie: PHPSESSID=5093a2c15d0f83e31efce9560ac932e9; path=/; secure; HttpOnly^M ^M <response status = 'error' code = '403'><result><msg>Type [user-id] not authorized for user role.</msg></result></response>", AWC response: (null)
    Jan 25 13:49:18 awc[3596]: Message over SSL from xxx.xxx.xxx.xxx, SSL_read() returned 0, errstr=Success, Message is "", AWC response: HTTP/1.1 200 OK^M Server: ^M Date: Wed, 25 Jan 2017 04:19:18 GMT^M Content-Type: application/xml; charset=UTF-8^M Content-Length: 123^M Connection: close^M ETag: "2474e-12b-57054661"^M Pragma: no-cache^M Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0^M Access-Control-Allow-Origin: ^M Expires: Thu, 19 Nov 1981 08:52:00 GMT^M X-FRAME-OPTIONS: SAME ORIGIN^M Status: 403 Type [user-id] not authorized for user role.^M Set-Cookie: PHPSESSID=5093a2c15d0f83e31efce9560ac932e9; path=/; secure; HttpOnly^M ^M <response status = 'error' code = '403'><result><msg>Type [user-id] not authorized for user role.</msg></result></response>
    Jan 25 13:49:18 awc[3596]: parse_awc_header: 864: ssl_read from xxx.xxx.xxx.xxx failure 0 error_count 1