攻城狮论坛

IE-LAB

作者: Genesis
查看: 933|回复: 169

主题标签Tag

more +今日重磅推荐Recommend No.1

GNS3 2.0.0正式稳定版,赶快更新哦!GNS3 2.0.0正式稳定版,赶快更新哦!

more +随机图赏Gallery

94集 高手来 美国斯坦福大学 顶级数据分析视频教程 全英文+字幕+google教材94集 高手来 美国斯坦福大学 顶级数据分析视频教程 全英文+字幕+google教材
8周学习 大数据的顶级统计学视频学习教程 美国大学必修学分 英文+字幕+pdf文档8周学习 大数据的顶级统计学视频学习教程 美国大学必修学分 英文+字幕+pdf文档
ISP高手系列 27集BGP专题视频 乾颐堂安德CCIEv5 运营商ISP视频 QYT Ander CCIEv5ISP高手系列 27集BGP专题视频 乾颐堂安德CCIEv5 运营商ISP视频 QYT Ander CCIEv5
亁颐堂CCNA-Security 2017第2版(2017年6月最新版)CCNA安全视频教程亁颐堂CCNA-Security 2017第2版(2017年6月最新版)CCNA安全视频教程
80G 炼数成金 培训视频集 Openstack+数据库+PYTHON+大数据80G 炼数成金 培训视频集 Openstack+数据库+PYTHON+大数据
Oracle全套学习资料(88GB)绝对真实有效 很多资料是第一次分享Oracle全套学习资料(88GB)绝对真实有效 很多资料是第一次分享
2017最新6IE讲师闫辉XCNA(CCNA+HCNA)课程精讲2017最新6IE讲师闫辉XCNA(CCNA+HCNA)课程精讲
很实用的文档 路由器和交换机配置命令总结 可以直接复制粘贴 都总结好了很实用的文档 路由器和交换机配置命令总结 可以直接复制粘贴 都总结好了
所有迪普设备文档操作手册白皮书等等等,史上最全最新所有迪普设备文档操作手册白皮书等等等,史上最全最新
PingingLab CCNA完全配置宝典【完整版】PingingLab CCNA完全配置宝典【完整版】
QYT 乾颐堂 军哥 CCNAv3.0完全实验课,送模拟器及笔记QYT 乾颐堂 军哥 CCNAv3.0完全实验课,送模拟器及笔记
[天津] CCNA PASS[天津] CCNA PASS

Aruba ClearPass文档 Palo Alto Networks Advanced Deployment Use-Cases

  [复制链接]
查看: 933|回复: 169
开通VIP 免金币+免回帖+批量下载+无广告
Aruba ClearPass & Palo Alto Networks Advanced Deployment Use-Cases

Aruba ClearPass文档 Palo Alto Networks Advanced Deployment Use-Cases

Aruba ClearPass文档 Palo Alto Networks Advanced Deployment Use-Cases - 攻城狮论坛 - Aruba ClearPass文档 Palo Alto Networks Advanced Deployment Use-Cases

Table
of
Contents
Overview
......................................................................................................................................................................
4
Deploying
CPPM
and
PANW
Overview
......................................................................................................
4
CPPM
Config

A
very
short
recap
...........................................................................................................
5
Brief
review
of
CPPM
/
PANW
exchanged
attributes
.....................................................................
6
Advanced
Deployment
Scenario’s
.....................................................................................................................
8
PANW
Configuration
to
use
AD
Groups
to
enforce
policy
.................................................................
8
Configure
PANW
to
ingest
AD
Groups
information
.........................................................................
8
Configuring
PANW
Rules
to
limit
Access
for
AD
Groups
............................................................
10
PANW
Configuration
to
use
HIP
Objects
to
enforce
policy
............................................................
13
Useful
DEBUG/Info
Commands
for
AD
Group
configuration
on
PANW
..............................
16
CPPM
Configuration
to
support
Guest
MAC
Caching
auth
..............................................................
18
Overview
of
this
feature
...........................................................................................................................
18
Technical
Description
of
the
problem
and
the
resolution
.........................................................
18
Table
of
Figures
Figure
1
-‐
Summary
of
CPPM
configuration
steps
.....................................................................................
5
Figure
2
-‐
HIP
Objects
Options
............................................................................................................................
6
Figure
3
-‐
HIP
OS
Options
.....................................................................................................................................
7
Figure
4
-‐
Adding
an
LDAP
definition
for
AD
...............................................................................................
8
Figure
5
-‐
Defining
PANW
UserID
Group
Mapping
server
.....................................................................
9
Figure
6
-‐
Adding
AD
Group's
to
an
Include
Group
list
.........................................................................
10
Figure
7
-‐
Firewall
rule
'PLM-‐Block-‐Social'
................................................................................................
11
Figure
8
-‐
Firewall
rule
'PLM-‐Block-‐Social'
detailed
info
....................................................................
11
ClearPass
6.3.x
Tech
Note:
CPPM
with
PANW
deployment
scenarios
-‐
TechNote
Aruba
Networks
3
Figure
9
-‐
User
successfully
authenticating
against
AD
........................................................................
11
Figure
10
-‐
Details
of
user
carlos
in
AD
group
plm
.................................................................................
12
Figure
11
-‐
PANW
firewall
logs
shown
allow
and
block
for
traffic
..................................................
12
Figure
12
-‐
Unauthorized
access
attempt
shown
to
the
user
from
the
PANW
...........................
12
Figure
13
-‐
Create
a
HIP
Object
to
match
a
device
running
Windows
XP
.....................................
13
Figure
14
-‐
Adding
multiple
HIP
Objects
to
a
HIP
Report
....................................................................
14
Figure
15
-‐
PANW
firewall
policy
denying
XP
endpoints
based
upon
HIP
Report
...................
14
Figure
16
-‐
Details
behind
the
deny
rule
.....................................................................................................
14
Figure
17
-‐
Traffic
being
denied
based
upon
HIP
Object
data
...........................................................
15
Figure
18
-‐
Example
HIP
Object
sent
to
Palo
Alto
Networks
..............................................................
15
Figure
19
-‐
CLI
command
to
refresh
AD
group
data
..............................................................................
16
Figure
20

CLI
command
to
show
AD
groups
ingested
from
AD
....................................................
16
Figure
21
-‐
CLI
command
to
show
AD
groups
on
firewall
(short
output)
....................................
16
Figure
22
-‐
CLI
command
showing
actual
users
in
AD
groups
(TME)
...........................................
17
Figure
23
-‐
CLI
command
showing
actual
users
in
AD
groups
(PLM)
............................................
17
Figure
24

RADIUS
Enforcement
Profile
with
%{Endpoint:Username}
......................................
19
Figure
25
-‐
CPPM
enforcement
profile
for
PANW
endpoint
prior
to
CPPM
6.3.1
.....................
19
Figure
26
-‐
Pre
6.3.1
Session-‐Check
attributes
.........................................................................................
20
Figure
27
-‐
Post
6.3.1
Session-‐Check
attributes
.......................................................................................
20
Figure
28
-‐
PANW
enforcement
profile
PLUS
MAC
Cache
required
post
CPPM
6.3.1
.............
21



购买主题 已有 4 人购买  本主题需向作者支付 11 金币 才能浏览
CCNA考试 官方正规报名 仅需1500元
回复 论坛版权

使用道具 举报

Genesis [Lv6 略有所成] 发表于 2016-12-30 22:43:49 | 显示全部楼层
11111111111111111111
回复 支持 反对

使用道具 举报

Genesis [Lv6 略有所成] 发表于 2016-12-30 22:43:50 | 显示全部楼层
1111111111111111
回复 支持 反对

使用道具 举报

Genesis [Lv6 略有所成] 发表于 2016-12-30 22:43:51 | 显示全部楼层

2222222222

22222222222
回复 支持 反对

使用道具 举报

Genesis [Lv6 略有所成] 发表于 2016-12-30 22:44:42 | 显示全部楼层
33333333333

评分

参与人数 1金币 -10 收起 理由
宅男女神 -10 勿灌水!禁止纯拼音/纯表情/无意义字符!

查看全部评分

回复 支持 反对

使用道具 举报

聱菅绢隽戒 [Lv5 不断成长] 发表于 2016-12-30 23:41:43 | 显示全部楼层
学习了,谢谢分享、、、
回复 支持 反对

使用道具 举报

海皇CHICBOY [Lv7 精益求精] 发表于 2016-12-30 23:46:15 | 显示全部楼层
现在账号真不容易得到啊,所以看到楼主发帖一定要支持下~
回复 支持 反对

使用道具 举报

wonglaye [Lv5 不断成长] 发表于 2016-12-30 23:51:48 | 显示全部楼层
过来看看的,感谢攻城狮论坛
回复 支持 反对

使用道具 举报

monkeyman [Lv8 技术精悍] 发表于 2016-12-31 00:22:57 | 显示全部楼层
攻城狮论坛的资料就是全,在这里找不到的资料在其他网站也很难找到!
回复 支持 反对

使用道具 举报

monkeyman [Lv8 技术精悍] 发表于 2016-12-31 00:23:18 | 显示全部楼层
攻城狮论坛的资料就是全,在这里找不到的资料在其他网站也很难找到!
回复 支持 反对

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

官方QQ群

QQ|无图浏览|手机版|网站地图|攻城狮论坛 ( 京ICP备12049419号 )|网站地图

GMT+8, 2017-6-22 22:20 , Processed in 0.276649 second(s), 25 queries , Gzip On, Memcache On.

Powered by Discuz! X3.2 © 2001-2013 Comsenz Inc.

Designed by ARTERY.cn