  • 1.  Clearpass Integration with Palo Alto

    Posted Nov 04, 2024 01:32 PM

    Hi, I have followed the instructions for Palo Alto integration with ClearPass, but I am having difficulty getting the USER-ID records from ClearPass to the Palo Alto. I am trying to set this up for a customer to use OnGuard to log in to ClearPass and, based on their Active Directory membership, assign them a role and enforcement profile in ClearPass, then send the data to the Palo. I have the first part working and see the web auth request, and it's getting the PAN-XML profile.

    I can see in the Palo ClearPass logging in with the cppm-api account created, but I am not seeing any user-id records.
    Any clue what I am missing?


  • 2.  RE: Clearpass Integration with Palo Alto

    Posted Nov 04, 2024 04:13 PM

    Why are you using OnGuard? Why not an MDM and integrate the MDM with ClearPass? What is the use-case for allowing unknown/unmanaged assets onto the protected network?




  • 3.  RE: Clearpass Integration with Palo Alto

    Posted Nov 04, 2024 04:52 PM

    Hi, these are trusted clients inside our network and they need to access these restricted resources behind the Palo Alto firewall (not all clients should get access.) We don't necessarily have to use OnGuard but need to have these clients authenticate somehow to validate AD membership, and the firewall will grant access based on the role received from ClearPass.




  • 4.  RE: Clearpass Integration with Palo Alto

    Posted Nov 04, 2024 04:55 PM
    Manage these endpoints with an MDM. Push certificates to these endpoints and use EAP-TLS authentication. Integrate that MDM with ClearPass.