AOS 6.4 or CPPM Palo Alto Updates

last person joined: 20 hours ago

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Back to discussions

Expand all | Collapse all

AOS 6.4 or CPPM Palo Alto Updates

This thread has been viewed 0 times

1. AOS 6.4 or CPPM Palo Alto Updates

0 Kudos
kjspgd
Posted Jan 26, 2015 09:52 AM

Reply Reply Privately
Now that AOS 6.4 supports direct Palo Alto User-ID integration via the XMLAPI on the PanOS:

In an environment with both AOS 6.4 Controllers and CPPM, is there a reccomended best practice or preferred Aruba reccomendation as to which of those two sources update the User-ID info in Palo Alto?

Thanks-
Kevin
2. RE: AOS 6.4 or CPPM Palo Alto Updates

0 Kudos
EMPLOYEE

cappalli
Posted Jan 26, 2015 09:55 AM

Reply Reply Privately
You should pick 1 source. I wouldn't recommend using two different sources.

If you are using identity integration on your wired network, it would be
best to use ClearPass as the Palo identity source.
3. RE: AOS 6.4 or CPPM Palo Alto Updates

0 Kudos
dannyjump
Posted Jan 26, 2015 11:22 AM

Reply Reply Privately
Note that CPPM priovdes additional context over AOS to the PANW about an endpoint in the form of HIP Objects.

And I agree with Tim, ONLY use one source as context input to the PANW.

Security

AOS 6.4 or CPPM Palo Alto Updates

1. AOS 6.4 or CPPM Palo Alto Updates

2. RE: AOS 6.4 or CPPM Palo Alto Updates

3. RE: AOS 6.4 or CPPM Palo Alto Updates