Manage these endpoints with an MDM. Push certificates to these endpoints and use EAP-TLS authentication. Integrate that MDM with ClearPass.
Original Message:
Sent: 11/4/2024 4:52:00 PM
From: KP22
Subject: RE: Clearpass Integration with Palo Alto
Hi, these are trusted clients inside our network and they need to access these restricted resources behind the Palo Alto firewall (not all clients should get access). We don't necessarily have to use OnGuard but need to have these clients authenticate somehow to validate AD membership, and the firewall will grant access based on the role received from ClearPass.
Original Message:
Sent: Nov 04, 2024 04:13 PM
From: Unknown User
Subject: Clearpass Integration with Palo Alto
Why are you using OnGuard? Why not an MDM and integrate the MDM with ClearPass? What is the use-case for allowing unknown/unmanaged assets onto the protected network?
Original Message:
Sent: Nov 04, 2024 09:40 AM
From: KP22
Subject: Clearpass Integration with Palo Alto
Hi, I have followed the instructions for Palo Alto integration with ClearPass but I am having difficulty getting the USER-ID records from ClearPass to the Palo Alto. I am trying to set this up for a customer to use OnGuard to log in to ClearPass and, based on their Active Directory membership, assign them a role and enforcement profile in ClearPass, then send the data to the Palo. I have the first part working and see the web auth request, and it's getting the PAN-XML profile.
I can see in the Palo that ClearPass is logging in with the cppm-api account created, but I am not seeing any user-id records.
Any clue what I am missing?