华为 韩士良,思科 红头发,华三  尹光成 ,名师免费直播

攻城狮论坛

IE-LAB

作者: Genesis
查看: 499|回复: 161

主题标签Tag

more +今日重磅推荐Recommend No.1

最新网络安全思维导图全集(图片+pdf+原版)最新网络安全思维导图全集(图片+pdf+原版)

more +随机图赏Gallery

尚观CCNA视频教程(22集)金牌讲师 动态原创PPT 学习理解更轻松尚观CCNA视频教程(22集)金牌讲师 动态原创PPT 学习理解更轻松
软考 pdf试卷+视频解析+课程讲解 网络工程师考试考眼分析与样卷解析软考 pdf试卷+视频解析+课程讲解 网络工程师考试考眼分析与样卷解析
大涛正品 网络工程师 5天修炼视频(夯实基础+案例配置+模拟测试)大涛正品 网络工程师 5天修炼视频(夯实基础+案例配置+模拟测试)
200G 程序员高级编程视频 IOS软件开发全套教程(基础+OC语言+Swfit语言+开发实例)200G 程序员高级编程视频 IOS软件开发全套教程(基础+OC语言+Swfit语言+开发实例)
CCNA魔鬼训练营完整版 54课时全 零基础入门到精通CCNA魔鬼训练营完整版 54课时全 零基础入门到精通
2016.12.29 CCNA(200-125)上海960分PASS2016.12.29 CCNA(200-125)上海960分PASS
pinginglab《CCNA公益技术公开课》最强导论课+技术详解视频 33课时pinginglab《CCNA公益技术公开课》最强导论课+技术详解视频 33课时
云帆大数据 8天70集 实战开发视频 Hadoop从入门到上手企业开发云帆大数据 8天70集 实战开发视频 Hadoop从入门到上手企业开发
【实用】面试推荐指导视频 兄弟连 职业素质视频 李明大师深度分析【实用】面试推荐指导视频 兄弟连 职业素质视频 李明大师深度分析
红头发 微奥CCIE R&S v4.0远程培训完整版视频教程 CCIE#15101朱哥得意之作红头发 微奥CCIE R&S v4.0远程培训完整版视频教程 CCIE#15101朱哥得意之作
CCNA(200-125)-2016-12-25-广州-930分通过CCNA(200-125)-2016-12-25-广州-930分通过
CCIE R&S  ---Wolf CCIE直通车林江涛讲解 40G 永恒的经典 WOLF-CCIE RS 高级视频CCIE R&S ---Wolf CCIE直通车林江涛讲解 40G 永恒的经典 WOLF-CCIE RS 高级视频

Aruba ClearPass文档 Palo Alto Networks Advanced Deployment Use-Cases

  [复制链接]
查看: 499|回复: 161
开通VIP 免金币+免回帖+批量下载+无广告
Aruba ClearPass & Palo Alto Networks Advanced Deployment Use-Cases

Aruba ClearPass文档 Palo Alto Networks Advanced Deployment Use-Cases

Aruba ClearPass文档 Palo Alto Networks Advanced Deployment Use-Cases - 攻城狮论坛 - Aruba ClearPass文档 Palo Alto Networks Advanced Deployment Use-Cases

Table
of
Contents
Overview
......................................................................................................................................................................
4
Deploying
CPPM
and
PANW
Overview
......................................................................................................
4
CPPM
Config

A
very
short
recap
...........................................................................................................
5
Brief
review
of
CPPM
/
PANW
exchanged
attributes
.....................................................................
6
Advanced
Deployment
Scenario’s
.....................................................................................................................
8
PANW
Configuration
to
use
AD
Groups
to
enforce
policy
.................................................................
8
Configure
PANW
to
ingest
AD
Groups
information
.........................................................................
8
Configuring
PANW
Rules
to
limit
Access
for
AD
Groups
............................................................
10
PANW
Configuration
to
use
HIP
Objects
to
enforce
policy
............................................................
13
Useful
DEBUG/Info
Commands
for
AD
Group
configuration
on
PANW
..............................
16
CPPM
Configuration
to
support
Guest
MAC
Caching
auth
..............................................................
18
Overview
of
this
feature
...........................................................................................................................
18
Technical
Description
of
the
problem
and
the
resolution
.........................................................
18
Table
of
Figures
Figure
1
-‐
Summary
of
CPPM
configuration
steps
.....................................................................................
5
Figure
2
-‐
HIP
Objects
Options
............................................................................................................................
6
Figure
3
-‐
HIP
OS
Options
.....................................................................................................................................
7
Figure
4
-‐
Adding
an
LDAP
definition
for
AD
...............................................................................................
8
Figure
5
-‐
Defining
PANW
UserID
Group
Mapping
server
.....................................................................
9
Figure
6
-‐
Adding
AD
Group's
to
an
Include
Group
list
.........................................................................
10
Figure
7
-‐
Firewall
rule
'PLM-‐Block-‐Social'
................................................................................................
11
Figure
8
-‐
Firewall
rule
'PLM-‐Block-‐Social'
detailed
info
....................................................................
11
ClearPass
6.3.x
Tech
Note:
CPPM
with
PANW
deployment
scenarios
-‐
TechNote
Aruba
Networks
3
Figure
9
-‐
User
successfully
authenticating
against
AD
........................................................................
11
Figure
10
-‐
Details
of
user
carlos
in
AD
group
plm
.................................................................................
12
Figure
11
-‐
PANW
firewall
logs
shown
allow
and
block
for
traffic
..................................................
12
Figure
12
-‐
Unauthorized
access
attempt
shown
to
the
user
from
the
PANW
...........................
12
Figure
13
-‐
Create
a
HIP
Object
to
match
a
device
running
Windows
XP
.....................................
13
Figure
14
-‐
Adding
multiple
HIP
Objects
to
a
HIP
Report
....................................................................
14
Figure
15
-‐
PANW
firewall
policy
denying
XP
endpoints
based
upon
HIP
Report
...................
14
Figure
16
-‐
Details
behind
the
deny
rule
.....................................................................................................
14
Figure
17
-‐
Traffic
being
denied
based
upon
HIP
Object
data
...........................................................
15
Figure
18
-‐
Example
HIP
Object
sent
to
Palo
Alto
Networks
..............................................................
15
Figure
19
-‐
CLI
command
to
refresh
AD
group
data
..............................................................................
16
Figure
20

CLI
command
to
show
AD
groups
ingested
from
AD
....................................................
16
Figure
21
-‐
CLI
command
to
show
AD
groups
on
firewall
(short
output)
....................................
16
Figure
22
-‐
CLI
command
showing
actual
users
in
AD
groups
(TME)
...........................................
17
Figure
23
-‐
CLI
command
showing
actual
users
in
AD
groups
(PLM)
............................................
17
Figure
24

RADIUS
Enforcement
Profile
with
%{Endpoint:Username}
......................................
19
Figure
25
-‐
CPPM
enforcement
profile
for
PANW
endpoint
prior
to
CPPM
6.3.1
.....................
19
Figure
26
-‐
Pre
6.3.1
Session-‐Check
attributes
.........................................................................................
20
Figure
27
-‐
Post
6.3.1
Session-‐Check
attributes
.......................................................................................
20
Figure
28
-‐
PANW
enforcement
profile
PLUS
MAC
Cache
required
post
CPPM
6.3.1
.............
21



购买主题 已有 3 人购买  本主题需向作者支付 11 金币 才能浏览
CCNA考试 官方正规报名 仅需1500元
回复 论坛版权

使用道具 举报

Genesis [Lv5 不断成长] 发表于 2016-12-30 22:43:49 | 显示全部楼层
11111111111111111111
回复 支持 反对

使用道具 举报

Genesis [Lv5 不断成长] 发表于 2016-12-30 22:43:50 | 显示全部楼层
1111111111111111
回复 支持 反对

使用道具 举报

Genesis [Lv5 不断成长] 发表于 2016-12-30 22:43:51 | 显示全部楼层

2222222222

22222222222
回复 支持 反对

使用道具 举报

Genesis [Lv5 不断成长] 发表于 2016-12-30 22:44:42 | 显示全部楼层
33333333333

评分

参与人数 1金币 -10 收起 理由
宅男女神 -10 勿灌水!禁止纯拼音/纯表情/无意义字符!

查看全部评分

回复 支持 反对

使用道具 举报

聱菅绢隽戒 [Lv5 不断成长] 发表于 2016-12-30 23:41:43 | 显示全部楼层
学习了,谢谢分享、、、
回复 支持 反对

使用道具 举报

海皇CHICBOY [Lv7 精益求精] 发表于 2016-12-30 23:46:15 | 显示全部楼层
现在账号真不容易得到啊,所以看到楼主发帖一定要支持下~
回复 支持 反对

使用道具 举报

wonglaye [Lv5 不断成长] 发表于 2016-12-30 23:51:48 | 显示全部楼层
过来看看的,感谢攻城狮论坛
回复 支持 反对

使用道具 举报

monkeyman [Lv7 精益求精] 发表于 2016-12-31 00:22:57 | 显示全部楼层
攻城狮论坛的资料就是全,在这里找不到的资料在其他网站也很难找到!
回复 支持 反对

使用道具 举报

monkeyman [Lv7 精益求精] 发表于 2016-12-31 00:23:18 | 显示全部楼层
攻城狮论坛的资料就是全,在这里找不到的资料在其他网站也很难找到!
回复 支持 反对

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

官方QQ群

QQ|无图浏览|手机版|网站地图|攻城狮论坛 ( 京ICP备12049419号 )|网站地图

GMT+8, 2017-1-18 07:39 , Processed in 0.254400 second(s), 28 queries , Gzip On, Memcache On.

Powered by Discuz! X3.2 © 2001-2013 Comsenz Inc.

Designed by ARTERY.cn