We have several firewalls (mixed between PA-850 and PA-3260), each firewall is segmenting a diffrent regulatory compliance (PCI,HIPAA, CJIS, DOD and so on) network (with multi vlans in each segment). Some segments are not large enough to warrent thier own DHCP servers, so we are using the Palo DHCP (we do not want to use DHCP relay, we want to keep each segment completly isolated (except for managment of it)), The issue I am having, is we also use a NAC (Network Accessl Control) and the PCs need to have thier IP and MAC registered with the NAC. So, the qustion is: how do i get the PC to register with the NAC? I would like to set a DHCP option for this registration. but, I do not know if this has ever been done or even it it would work. Any surgestions on how to get the DHCP Broadcast (with out sending a request) or send it's logs for DHCP requst to the NAC?
Does your NAC allow for updates/registrations through an API? You could pull the DHCP client assignment through the PAN API call on a scheduled basis and then update your NAC with the client information.
You also have DHCP options available to you when you configure the DHCP server on the PAN side of things. If your NAC is simply using a scope option you can add it for registration.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!