Aruba ClearPass & Palo Alto Networks Advanced Deployment Use-Cases
ClearPass 6.3.x Tech Note: CPPM with PANW deployment scenarios - TechNote, Aruba Networks

Table of Contents

Overview
Deploying CPPM and PANW Overview
CPPM Config – A very short recap
Brief review of CPPM / PANW exchanged attributes
Advanced Deployment Scenario’s
PANW Configuration to use AD Groups to enforce policy
Configure PANW to ingest AD Groups information
Configuring PANW Rules to limit Access for AD Groups
PANW Configuration to use HIP Objects to enforce policy
Useful DEBUG/Info Commands for AD Group configuration on PANW
CPPM Configuration to support Guest MAC Caching auth
Overview of this feature
Technical Description of the problem and the resolution

Table of Figures

Figure 1 - Summary of CPPM configuration steps
Figure 2 - HIP Objects Options
Figure 3 - HIP OS Options
Figure 4 - Adding an LDAP definition for AD
Figure 5 - Defining PANW UserID Group Mapping server
Figure 6 - Adding AD Group's to an Include Group list
Figure 7 - Firewall rule 'PLM-Block-Social'
Figure 8 - Firewall rule 'PLM-Block-Social' detailed info
Figure 9 - User successfully authenticating against AD
Figure 10 - Details of user carlos in AD group plm
Figure 11 - PANW firewall logs shown allow and block for traffic
Figure 12 - Unauthorized access attempt shown to the user from the PANW
Figure 13 - Create a HIP Object to match a device running Windows XP
Figure 14 - Adding multiple HIP Objects to a HIP Report
Figure 15 - PANW firewall policy denying XP endpoints based upon HIP Report
Figure 16 - Details behind the deny rule
Figure 17 - Traffic being denied based upon HIP Object data
Figure 18 - Example HIP Object sent to Palo Alto Networks
Figure 19 - CLI command to refresh AD group data
Figure 20 - CLI command to show AD groups ingested from AD
Figure 21 - CLI command to show AD groups on firewall (short output)
Figure 22 - CLI command showing actual users in AD groups (TME)
Figure 23 - CLI command showing actual users in AD groups (PLM)
Figure 24 - RADIUS Enforcement Profile with %{Endpoint:Username}
Figure 25 - CPPM enforcement profile for PANW endpoint prior to CPPM 6.3.1
Figure 26 - Pre 6.3.1 Session-Check attributes
Figure 27 - Post 6.3.1 Session-Check attributes
Figure 28 - PANW enforcement profile PLUS MAC Cache required post CPPM 6.3.1