SlideShare a Scribd company logo

Cisco Wireless LAN Controller Palo Alto Networks Config Guide

Alberto Rivai
Alberto Rivai

Cisco Wireless LAN Controller Palo Alto Networks Configuration Guide

Technology
1 of 13
Palo Alto Networks PANOS 6.1, Cisco WLC 5500, Kiwi Syslogd integration guide Alberto Rivai Systems Engineer – Major Accounts Palo Alto Networks Melbourne, Australia
Summary  PAN-OS 6.0 introduced the ability to use the Palo Alto Networks firewall and the User-ID Agent as a syslog listener for collecting syslogs from different systems in the network, and to map users to IP addresses. The user to IP mappings could be used in security rules and policies.  The problem with Cisco Wireless LAN Controller, it does not send successful user authentication message through syslog. Cisco WLC generates SNMP traps which we can utilize to get the user to IP mapping.  This document shows a quick configuration guide on how to configure Cisco WLC to send SNMP traps to Kiwi Syslogd, which then converts and forwards the messages through syslog protocol to Palo Alto Networks syslog receiver. 2 | ©2014, Palo Alto Networks. Confidential and Proprietary.
Cisco WLC configuration  Create SNMP receiver by going to Management tab and Trap Receivers 3 | ©2014, Palo Alto Networks. Confidential and Proprietary.
Kiwi Syslogd configuration - 1  Open Kiwi Syslog server console, go to File -> Setup  Right click on Actions and create a new action 4 | ©2014, Palo Alto Networks. Confidential and Proprietary.
Kiwi Syslogd configuration - 2  Select Forward to another host  Enter the IP address of the Palo Alto Networks syslog receiver 5 | ©2014, Palo Alto Networks. Confidential and Proprietary.
Palo Alto Networks configuration - 1  Login to the WebUI  Go to Device -> User Identification  Click on the gear icon on the Palo Alto Networks User ID Agent setup window 6 | ©2014, Palo Alto Networks. Confidential and Proprietary.
Palo Alto Networks configuration - 2  Go to Syslog Filters tab and click Add  Select Field Identifier 7 | ©2014, Palo Alto Networks. Confidential and Proprietary.
Palo Alto Networks configuration - 3  Use the below identifier to identify the syslog message  Event String : enterprise=1.3.6.1.4.1.9.9.599.0.4  Username Prefix : 1.3.6.1.4.1.9.9.599.1.3.1.1.27.0=  Username Delimiter : ,  Address Prefix : cldcClientIPAddress.0=  Address Delimiter : , 8 | ©2014, Palo Alto Networks. Confidential and Proprietary.
Palo Alto Networks configuration - 4  Add Server Monitoring, go to Device – User Identification and click Add under Server Monitoring window  Select type : Syslog Sender and enter the IP address of Kiwi Syslogd server 9 | ©2014, Palo Alto Networks. Confidential and Proprietary.
Palo Alto Networks configuration - 5  Verify that the Syslog receiver is enabled  Go to Device – Setup – Management – Management Interface Setting 10 | ©2014, Palo Alto Networks. Confidential and Proprietary.
Verify syslog receiver  Execute the below command  admin@PA-200-arivai> show user server-monitor <syslog receiver name>  You will see the number of log messages increasing 11 | ©2014, Palo Alto Networks. Confidential and Proprietary.
Verify syslog receiver  To identify if the syslog receiver successfully parsed the message and identify users, execute the below command  admin@PA-200-arivai> show user ip-user-mapping all type SYSLOG 12 | ©2014, Palo Alto Networks. Confidential and Proprietary.
13 | ©2014, Palo Alto Networks. Confidential and Proprietary.

Recommended

Access Network Evolution
Access Network Evolution Access Network Evolution
Access Network Evolution Cisco Canada
 
PCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfPCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfControlCase
 
Enterprise architecture artefacts
Enterprise architecture artefactsEnterprise architecture artefacts
Enterprise architecture artefactsBrian Loomis
 
Low level design template (1)
Low level design template (1)Low level design template (1)
Low level design template (1)anosha jamshed
 
Introduction to PCI DSS
Introduction to PCI DSSIntroduction to PCI DSS
Introduction to PCI DSSSaumya Vishnoi
 
FIWARE Training: FIWARE Training: i4Trust Marketplace
FIWARE Training: FIWARE Training: i4Trust MarketplaceFIWARE Training: FIWARE Training: i4Trust Marketplace
FIWARE Training: FIWARE Training: i4Trust MarketplaceFIWARE
 
Role-Based Access Control
Role-Based Access ControlRole-Based Access Control
Role-Based Access ControlEmpowerID
 
uCPE and VNFs Explained
uCPE and VNFs ExplaineduCPE and VNFs Explained
uCPE and VNFs ExplainedAlan Percy
 

Recommended

Access Network Evolution
Access Network Evolution Access Network Evolution
Access Network Evolution Cisco Canada
 
PCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfPCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfControlCase
 
Enterprise architecture artefacts
Enterprise architecture artefactsEnterprise architecture artefacts
Enterprise architecture artefactsBrian Loomis
 
Low level design template (1)
Low level design template (1)Low level design template (1)
Low level design template (1)anosha jamshed
 
Introduction to PCI DSS
Introduction to PCI DSSIntroduction to PCI DSS
Introduction to PCI DSSSaumya Vishnoi
 
FIWARE Training: FIWARE Training: i4Trust Marketplace
FIWARE Training: FIWARE Training: i4Trust MarketplaceFIWARE Training: FIWARE Training: i4Trust Marketplace
FIWARE Training: FIWARE Training: i4Trust MarketplaceFIWARE
 
Role-Based Access Control
Role-Based Access ControlRole-Based Access Control
Role-Based Access ControlEmpowerID
 
uCPE and VNFs Explained
uCPE and VNFs ExplaineduCPE and VNFs Explained
uCPE and VNFs ExplainedAlan Percy
 
Digital Attribution Modeling Using Apache Spark-(Anny Chen and William Yan, A...
Digital Attribution Modeling Using Apache Spark-(Anny Chen and William Yan, A...Digital Attribution Modeling Using Apache Spark-(Anny Chen and William Yan, A...
Digital Attribution Modeling Using Apache Spark-(Anny Chen and William Yan, A...Spark Summit
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
Cisco Product & Solutions Overview
Cisco Product & Solutions OverviewCisco Product & Solutions Overview
Cisco Product & Solutions OverviewEmirates Computers
 
63 Requirements for CASB
63 Requirements for CASB63 Requirements for CASB
63 Requirements for CASBKyle Watson
 
OAuth 2.0 with IBM WebSphere DataPower
OAuth 2.0 with IBM WebSphere DataPowerOAuth 2.0 with IBM WebSphere DataPower
OAuth 2.0 with IBM WebSphere DataPowerShiu-Fun Poon
 
Supplier And Service Provider Governance
Supplier And Service Provider GovernanceSupplier And Service Provider Governance
Supplier And Service Provider GovernanceAlan McSweeney
 
DTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioDTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioShah Sheikh
 
Packet icons 2 2-06
Packet icons 2 2-06Packet icons 2 2-06
Packet icons 2 2-06Angel Ramiro Hurtado Hurtado
 
Fortinet sandboxing
Fortinet sandboxingFortinet sandboxing
Fortinet sandboxingNick Straughan
 
Doing Enterprise Architecture
Doing Enterprise ArchitectureDoing Enterprise Architecture
Doing Enterprise ArchitectureJohn Macasio
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with SplunkSplunk
 
Juniper for Enterprise
Juniper for EnterpriseJuniper for Enterprise
Juniper for EnterpriseMarketingArrowECS_CZ
 
Api Gateway
Api GatewayApi Gateway
Api GatewayKhaqanAshraf
 
Cloud Decision Framework
Cloud Decision FrameworkCloud Decision Framework
Cloud Decision FrameworkNetApp
 
Comcast SIP Technical Description
Comcast SIP Technical DescriptionComcast SIP Technical Description
Comcast SIP Technical DescriptionMichaelBencic2
 
Event-driven Architecture
Event-driven ArchitectureEvent-driven Architecture
Event-driven ArchitectureCentric Consulting
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout SessionSplunk
 
Technical Overview of Cisco Catalyst 9200 Series Switches
Technical Overview of Cisco Catalyst 9200 Series SwitchesTechnical Overview of Cisco Catalyst 9200 Series Switches
Technical Overview of Cisco Catalyst 9200 Series SwitchesRobb Boyd
 
Building Event Driven (Micro)services with Apache Kafka
Building Event Driven (Micro)services with Apache KafkaBuilding Event Driven (Micro)services with Apache Kafka
Building Event Driven (Micro)services with Apache KafkaGuido Schmutz
 
Single sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancySingle sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancyDevam Shah
 
Palo alto networks NAT flow logic
Palo alto networks NAT flow logicPalo alto networks NAT flow logic
Palo alto networks NAT flow logicAlberto Rivai
 
User expert forum user-id
User expert forum user-idUser expert forum user-id
User expert forum user-idAlberto Rivai
 

More Related Content

What's hot

Digital Attribution Modeling Using Apache Spark-(Anny Chen and William Yan, A...
Digital Attribution Modeling Using Apache Spark-(Anny Chen and William Yan, A...Digital Attribution Modeling Using Apache Spark-(Anny Chen and William Yan, A...
Digital Attribution Modeling Using Apache Spark-(Anny Chen and William Yan, A...Spark Summit
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
Cisco Product & Solutions Overview
Cisco Product & Solutions OverviewCisco Product & Solutions Overview
Cisco Product & Solutions OverviewEmirates Computers
 
63 Requirements for CASB
63 Requirements for CASB63 Requirements for CASB
63 Requirements for CASBKyle Watson
 
OAuth 2.0 with IBM WebSphere DataPower
OAuth 2.0 with IBM WebSphere DataPowerOAuth 2.0 with IBM WebSphere DataPower
OAuth 2.0 with IBM WebSphere DataPowerShiu-Fun Poon
 
Supplier And Service Provider Governance
Supplier And Service Provider GovernanceSupplier And Service Provider Governance
Supplier And Service Provider GovernanceAlan McSweeney
 
DTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioDTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioShah Sheikh
 
Doing Enterprise Architecture
Doing Enterprise ArchitectureDoing Enterprise Architecture
Doing Enterprise ArchitectureJohn Macasio
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with SplunkSplunk
 
Cloud Decision Framework
Cloud Decision FrameworkCloud Decision Framework
Cloud Decision FrameworkNetApp
 
Comcast SIP Technical Description
Comcast SIP Technical DescriptionComcast SIP Technical Description
Comcast SIP Technical DescriptionMichaelBencic2
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout SessionSplunk
 
Technical Overview of Cisco Catalyst 9200 Series Switches
Technical Overview of Cisco Catalyst 9200 Series SwitchesTechnical Overview of Cisco Catalyst 9200 Series Switches
Technical Overview of Cisco Catalyst 9200 Series SwitchesRobb Boyd
 
Building Event Driven (Micro)services with Apache Kafka
Building Event Driven (Micro)services with Apache KafkaBuilding Event Driven (Micro)services with Apache Kafka
Building Event Driven (Micro)services with Apache KafkaGuido Schmutz
 
Single sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancySingle sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancyDevam Shah
 

What's hot (20)

Digital Attribution Modeling Using Apache Spark-(Anny Chen and William Yan, A...
Digital Attribution Modeling Using Apache Spark-(Anny Chen and William Yan, A...Digital Attribution Modeling Using Apache Spark-(Anny Chen and William Yan, A...
Digital Attribution Modeling Using Apache Spark-(Anny Chen and William Yan, A...
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
 
Cisco Product & Solutions Overview
Cisco Product & Solutions OverviewCisco Product & Solutions Overview
Cisco Product & Solutions Overview
 
63 Requirements for CASB
63 Requirements for CASB63 Requirements for CASB
63 Requirements for CASB
 
OAuth 2.0 with IBM WebSphere DataPower
OAuth 2.0 with IBM WebSphere DataPowerOAuth 2.0 with IBM WebSphere DataPower
OAuth 2.0 with IBM WebSphere DataPower
 
Supplier And Service Provider Governance
Supplier And Service Provider GovernanceSupplier And Service Provider Governance
Supplier And Service Provider Governance
 
DTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioDTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services Portfolio
 
Packet icons 2 2-06
Packet icons 2 2-06Packet icons 2 2-06
Packet icons 2 2-06
 
Fortinet sandboxing
Fortinet sandboxingFortinet sandboxing
Fortinet sandboxing
 
Doing Enterprise Architecture
Doing Enterprise ArchitectureDoing Enterprise Architecture
Doing Enterprise Architecture
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 
Juniper for Enterprise
Juniper for EnterpriseJuniper for Enterprise
Juniper for Enterprise
 
Api Gateway
Api GatewayApi Gateway
Api Gateway
 
Cloud Decision Framework
Cloud Decision FrameworkCloud Decision Framework
Cloud Decision Framework
 
Comcast SIP Technical Description
Comcast SIP Technical DescriptionComcast SIP Technical Description
Comcast SIP Technical Description
 
Event-driven Architecture
Event-driven ArchitectureEvent-driven Architecture
Event-driven Architecture
 
Data Onboarding Breakout Session
Data Onboarding Breakout SessionData Onboarding Breakout Session
Data Onboarding Breakout Session
 
Technical Overview of Cisco Catalyst 9200 Series Switches
Technical Overview of Cisco Catalyst 9200 Series SwitchesTechnical Overview of Cisco Catalyst 9200 Series Switches
Technical Overview of Cisco Catalyst 9200 Series Switches
 
Building Event Driven (Micro)services with Apache Kafka
Building Event Driven (Micro)services with Apache KafkaBuilding Event Driven (Micro)services with Apache Kafka
Building Event Driven (Micro)services with Apache Kafka
 
Single sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancySingle sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancy
 

Viewers also liked

Palo alto networks NAT flow logic
Palo alto networks NAT flow logicPalo alto networks NAT flow logic
Palo alto networks NAT flow logicAlberto Rivai
 
User expert forum user-id
User expert forum user-idUser expert forum user-id
User expert forum user-idAlberto Rivai
 
Palo Alto Networks authentication
Palo Alto Networks authenticationPalo Alto Networks authentication
Palo Alto Networks authenticationAlberto Rivai
 
User id installation and configuration
User id installation and configurationUser id installation and configuration
User id installation and configurationAlberto Rivai
 
User Expert forum Wildfire configuration
User Expert forum Wildfire configurationUser Expert forum Wildfire configuration
User Expert forum Wildfire configurationAlberto Rivai
 
Unified Access Update - 11AC and Switching Platform
Unified Access Update - 11AC and Switching PlatformUnified Access Update - 11AC and Switching Platform
Unified Access Update - 11AC and Switching PlatformCisco Canada
 
Cisco Unified Wireless Network and Converged access – Design session
Cisco Unified Wireless Network and Converged access – Design sessionCisco Unified Wireless Network and Converged access – Design session
Cisco Unified Wireless Network and Converged access – Design sessionCisco Russia
 
Introduction to cisco wireless
Introduction to cisco wirelessIntroduction to cisco wireless
Introduction to cisco wirelessAble George
 
Palo Alto Networks PANOS 5.0 Radius Authentication OTP using Yubikey
Palo Alto Networks PANOS 5.0 Radius Authentication OTP using YubikeyPalo Alto Networks PANOS 5.0 Radius Authentication OTP using Yubikey
Palo Alto Networks PANOS 5.0 Radius Authentication OTP using YubikeyAlberto Rivai
 
Datasheet Cisco AP1600series, AP2600series, AP Controller 2500 series
Datasheet Cisco AP1600series, AP2600series, AP Controller 2500 seriesDatasheet Cisco AP1600series, AP2600series, AP Controller 2500 series
Datasheet Cisco AP1600series, AP2600series, AP Controller 2500 seriesDani Royman Simanjuntak
 
Big Ip Global Traffic Manager Ds
Big Ip Global Traffic Manager DsBig Ip Global Traffic Manager Ds
Big Ip Global Traffic Manager DsSteven_Jackson
 
Network Security - Layer 2
Network Security - Layer 2Network Security - Layer 2
Network Security - Layer 2samis
 
F5 BIG-IP Web-based Customer Training
F5 BIG-IP Web-based Customer TrainingF5 BIG-IP Web-based Customer Training
F5 BIG-IP Web-based Customer TrainingF5 Networks
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)BAKOTECH
 
Wireless Controller Comparative Performance Cisco vs Aruba Miercom Report
Wireless Controller Comparative Performance Cisco vs Aruba Miercom ReportWireless Controller Comparative Performance Cisco vs Aruba Miercom Report
Wireless Controller Comparative Performance Cisco vs Aruba Miercom ReportCisco Mobility
 

Viewers also liked (20)

Palo alto networks NAT flow logic
Palo alto networks NAT flow logicPalo alto networks NAT flow logic
Palo alto networks NAT flow logic
 
User expert forum user-id
User expert forum user-idUser expert forum user-id
User expert forum user-id
 
Palo Alto Networks authentication
Palo Alto Networks authenticationPalo Alto Networks authentication
Palo Alto Networks authentication
 
User id installation and configuration
User id installation and configurationUser id installation and configuration
User id installation and configuration
 
User Expert forum Wildfire configuration
User Expert forum Wildfire configurationUser Expert forum Wildfire configuration
User Expert forum Wildfire configuration
 
Unified Access Update - 11AC and Switching Platform
Unified Access Update - 11AC and Switching PlatformUnified Access Update - 11AC and Switching Platform
Unified Access Update - 11AC and Switching Platform
 
Cisco Unified Wireless Network and Converged access – Design session
Cisco Unified Wireless Network and Converged access – Design sessionCisco Unified Wireless Network and Converged access – Design session
Cisco Unified Wireless Network and Converged access – Design session
 
Introduction to cisco wireless
Introduction to cisco wirelessIntroduction to cisco wireless
Introduction to cisco wireless
 
Palo Alto Networks PANOS 5.0 Radius Authentication OTP using Yubikey
Palo Alto Networks PANOS 5.0 Radius Authentication OTP using YubikeyPalo Alto Networks PANOS 5.0 Radius Authentication OTP using Yubikey
Palo Alto Networks PANOS 5.0 Radius Authentication OTP using Yubikey
 
Datasheet Cisco AP1600series, AP2600series, AP Controller 2500 series
Datasheet Cisco AP1600series, AP2600series, AP Controller 2500 seriesDatasheet Cisco AP1600series, AP2600series, AP Controller 2500 series
Datasheet Cisco AP1600series, AP2600series, AP Controller 2500 series
 
BACIK CISCO SKILLS
BACIK CISCO SKILLSBACIK CISCO SKILLS
BACIK CISCO SKILLS
 
Big Ip Global Traffic Manager Ds
Big Ip Global Traffic Manager DsBig Ip Global Traffic Manager Ds
Big Ip Global Traffic Manager Ds
 
Nat
NatNat
Nat
 
Firewall basics
Firewall basicsFirewall basics
Firewall basics
 
NAT Traversal
NAT TraversalNAT Traversal
NAT Traversal
 
Network Security - Layer 2
Network Security - Layer 2Network Security - Layer 2
Network Security - Layer 2
 
F5 BIG-IP Web-based Customer Training
F5 BIG-IP Web-based Customer TrainingF5 BIG-IP Web-based Customer Training
F5 BIG-IP Web-based Customer Training
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
 
Configuration F5 BIG IP ASM v12
Configuration F5 BIG IP ASM v12Configuration F5 BIG IP ASM v12
Configuration F5 BIG IP ASM v12
 
Wireless Controller Comparative Performance Cisco vs Aruba Miercom Report
Wireless Controller Comparative Performance Cisco vs Aruba Miercom ReportWireless Controller Comparative Performance Cisco vs Aruba Miercom Report
Wireless Controller Comparative Performance Cisco vs Aruba Miercom Report
 

Similar to Cisco Wireless LAN Controller Palo Alto Networks Config Guide

CCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the networkCCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the networkVuz Dở Hơi
 
CCNA_RSE_Chp10.pptx
CCNA_RSE_Chp10.pptxCCNA_RSE_Chp10.pptx
CCNA_RSE_Chp10.pptxHugoGamez7
 
25.3.11 packet tracer logging from multiple sources
25.3.11 packet tracer logging from multiple sources25.3.11 packet tracer logging from multiple sources
25.3.11 packet tracer logging from multiple sourcesFreddy Buenaño
 
Copyright © 2016 VIT, All Rights Reserved. VIT and its log.docx
Copyright © 2016 VIT, All Rights Reserved. VIT and its log.docxCopyright © 2016 VIT, All Rights Reserved. VIT and its log.docx
Copyright © 2016 VIT, All Rights Reserved. VIT and its log.docxbobbywlane695641
 
Cisco acs configuration guide
Cisco acs configuration guideCisco acs configuration guide
Cisco acs configuration guideRichardsCCNA
 
Clearswift f5 implementation_technical guide
Clearswift f5 implementation_technical guideClearswift f5 implementation_technical guide
Clearswift f5 implementation_technical guideMarco Essomba
 
Certificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsCertificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsLuca Bongiorni
 
Student packet tracer manual v1.1
Student packet tracer manual v1.1Student packet tracer manual v1.1
Student packet tracer manual v1.1milkux
 
Cisco Connect Toronto 2017 - Introducing the Network Intuitive
Cisco Connect Toronto 2017 - Introducing the Network IntuitiveCisco Connect Toronto 2017 - Introducing the Network Intuitive
Cisco Connect Toronto 2017 - Introducing the Network IntuitiveCisco Canada
 
Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overviewBelsoft
 
CaseStudy_4_Master
CaseStudy_4_MasterCaseStudy_4_Master
CaseStudy_4_MasterBrian Lawson
 
Security Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemSecurity Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemInductive Automation
 
Palo alto outline course | Mostafa El Lathy
Palo alto outline course | Mostafa El LathyPalo alto outline course | Mostafa El Lathy
Palo alto outline course | Mostafa El LathyMostafa El Lathy
 
Network topology by essay corp uk
Network topology by essay corp ukNetwork topology by essay corp uk
Network topology by essay corp ukJohnsmith5188
 
Prévention et détection des mouvements latéraux
Prévention et détection des mouvements latérauxPrévention et détection des mouvements latéraux
Prévention et détection des mouvements latérauxColloqueRISQ
 
Ccnp iscw lab guide
Ccnp iscw lab guideCcnp iscw lab guide
Ccnp iscw lab guideVNG
 
11 palo alto user-id concepts
11 palo alto user-id concepts11 palo alto user-id concepts
11 palo alto user-id conceptsMostafa El Lathy
 

Similar to Cisco Wireless LAN Controller Palo Alto Networks Config Guide (20)

CCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the networkCCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the network
 
CCNA_RSE_Chp10.pptx
CCNA_RSE_Chp10.pptxCCNA_RSE_Chp10.pptx
CCNA_RSE_Chp10.pptx
 
25.3.11 packet tracer logging from multiple sources
25.3.11 packet tracer logging from multiple sources25.3.11 packet tracer logging from multiple sources
25.3.11 packet tracer logging from multiple sources
 
Copyright © 2016 VIT, All Rights Reserved. VIT and its log.docx
Copyright © 2016 VIT, All Rights Reserved. VIT and its log.docxCopyright © 2016 VIT, All Rights Reserved. VIT and its log.docx
Copyright © 2016 VIT, All Rights Reserved. VIT and its log.docx
 
Cisco acs configuration guide
Cisco acs configuration guideCisco acs configuration guide
Cisco acs configuration guide
 
Clearswift f5 implementation_technical guide
Clearswift f5 implementation_technical guideClearswift f5 implementation_technical guide
Clearswift f5 implementation_technical guide
 
Ap config
Ap configAp config
Ap config
 
IoT Meets Security
IoT Meets SecurityIoT Meets Security
IoT Meets Security
 
Certificate Pinning in Mobile Applications
Certificate Pinning in Mobile ApplicationsCertificate Pinning in Mobile Applications
Certificate Pinning in Mobile Applications
 
Student packet tracer manual v1.1
Student packet tracer manual v1.1Student packet tracer manual v1.1
Student packet tracer manual v1.1
 
Cisco Connect Toronto 2017 - Introducing the Network Intuitive
Cisco Connect Toronto 2017 - Introducing the Network IntuitiveCisco Connect Toronto 2017 - Introducing the Network Intuitive
Cisco Connect Toronto 2017 - Introducing the Network Intuitive
 
LTRSEC-2017-LG
LTRSEC-2017-LGLTRSEC-2017-LG
LTRSEC-2017-LG
 
Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overview
 
CaseStudy_4_Master
CaseStudy_4_MasterCaseStudy_4_Master
CaseStudy_4_Master
 
Security Best Practices for Your Ignition System
Security Best Practices for Your Ignition SystemSecurity Best Practices for Your Ignition System
Security Best Practices for Your Ignition System
 
Palo alto outline course | Mostafa El Lathy
Palo alto outline course | Mostafa El LathyPalo alto outline course | Mostafa El Lathy
Palo alto outline course | Mostafa El Lathy
 
Network topology by essay corp uk
Network topology by essay corp ukNetwork topology by essay corp uk
Network topology by essay corp uk
 
Prévention et détection des mouvements latéraux
Prévention et détection des mouvements latérauxPrévention et détection des mouvements latéraux
Prévention et détection des mouvements latéraux
 
Ccnp iscw lab guide
Ccnp iscw lab guideCcnp iscw lab guide
Ccnp iscw lab guide
 
11 palo alto user-id concepts
11 palo alto user-id concepts11 palo alto user-id concepts
11 palo alto user-id concepts
 

Recently uploaded

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Recently uploaded (20)

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Cisco Wireless LAN Controller Palo Alto Networks Config Guide

  • 1. Palo Alto Networks PANOS 6.1, Cisco WLC 5500, Kiwi Syslogd integration guide Alberto Rivai Systems Engineer – Major Accounts Palo Alto Networks Melbourne, Australia
  • 2. Summary  PAN-OS 6.0 introduced the ability to use the Palo Alto Networks firewall and the User-ID Agent as a syslog listener for collecting syslogs from different systems in the network, and to map users to IP addresses. The user to IP mappings could be used in security rules and policies.  The problem with Cisco Wireless LAN Controller, it does not send successful user authentication message through syslog. Cisco WLC generates SNMP traps which we can utilize to get the user to IP mapping.  This document shows a quick configuration guide on how to configure Cisco WLC to send SNMP traps to Kiwi Syslogd, which then converts and forwards the messages through syslog protocol to Palo Alto Networks syslog receiver. 2 | ©2014, Palo Alto Networks. Confidential and Proprietary.
  • 3. Cisco WLC configuration  Create SNMP receiver by going to Management tab and Trap Receivers 3 | ©2014, Palo Alto Networks. Confidential and Proprietary.
  • 4. Kiwi Syslogd configuration - 1  Open Kiwi Syslog server console, go to File -> Setup  Right click on Actions and create a new action 4 | ©2014, Palo Alto Networks. Confidential and Proprietary.
  • 5. Kiwi Syslogd configuration - 2  Select Forward to another host  Enter the IP address of the Palo Alto Networks syslog receiver 5 | ©2014, Palo Alto Networks. Confidential and Proprietary.
  • 6. Palo Alto Networks configuration - 1  Login to the WebUI  Go to Device -> User Identification  Click on the gear icon on the Palo Alto Networks User ID Agent setup window 6 | ©2014, Palo Alto Networks. Confidential and Proprietary.
  • 7. Palo Alto Networks configuration - 2  Go to Syslog Filters tab and click Add  Select Field Identifier 7 | ©2014, Palo Alto Networks. Confidential and Proprietary.
  • 8. Palo Alto Networks configuration - 3  Use the below identifier to identify the syslog message  Event String : enterprise=1.3.6.1.4.1.9.9.599.0.4  Username Prefix : 1.3.6.1.4.1.9.9.599.1.3.1.1.27.0=  Username Delimiter : ,  Address Prefix : cldcClientIPAddress.0=  Address Delimiter : , 8 | ©2014, Palo Alto Networks. Confidential and Proprietary.
  • 9. Palo Alto Networks configuration - 4  Add Server Monitoring, go to Device – User Identification and click Add under Server Monitoring window  Select type : Syslog Sender and enter the IP address of Kiwi Syslogd server 9 | ©2014, Palo Alto Networks. Confidential and Proprietary.
  • 10. Palo Alto Networks configuration - 5  Verify that the Syslog receiver is enabled  Go to Device – Setup – Management – Management Interface Setting 10 | ©2014, Palo Alto Networks. Confidential and Proprietary.
  • 11. Verify syslog receiver  Execute the below command  admin@PA-200-arivai> show user server-monitor <syslog receiver name>  You will see the number of log messages increasing 11 | ©2014, Palo Alto Networks. Confidential and Proprietary.
  • 12. Verify syslog receiver  To identify if the syslog receiver successfully parsed the message and identify users, execute the below command  admin@PA-200-arivai> show user ip-user-mapping all type SYSLOG 12 | ©2014, Palo Alto Networks. Confidential and Proprietary.
  • 13. 13 | ©2014, Palo Alto Networks. Confidential and Proprietary.