This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Extreme Networks User-ID to PanOS 10.x?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Extreme Networks User-ID to PanOS 10.x?

SHMSIT
L0 Member

‎06-07-2021 08:53 AM

We moved to a setup with Extreme Networks and Palo Alto a few months back.

 

On the wireless side, our users connect using Extreme's (originally Aerohive's) PPSK, which has user-ID info. We'd like that user-id to show up in PanOS.

 

I was sent this document but it appears to be out of date (it's from 2013), the script definitely is out of date: https://manualzz.com/doc/23623919/aerohive-and-palo-alto-networks

 

Is anyone else doing this? Is there any new guidance from PaloAlto on how to accomplish this integration?

 

Thanks!

 

+++Jeff

0 Likes Likes
4 REPLIES 4

Alejandro_Hernandez
L4 Transporter

‎07-05-2021 07:31 AM

I have the same Issue

I'm working with the same link, I tuning the code to forward logs from Kiwi syslog to the firewall

PCSPI, PCNSCx3,PCNSEx4,, PCSAE,PCDRA, ISC2 CC
0 Likes Likes

Sau29Admin
L0 Member

‎11-12-2021 06:06 AM

Did you figure this out?

I am sending syslogs from each Aerohive AP to a PA User-ID Agent on a server. They are then sent to my PA FW. 

 

I had to reformat the syslog filter to :

type Field

event string : ah_auth

Username Prefix : username

Username Delimiter: \s

address prefix: ip

Address Delimiter: \s

Address per log: 1

 

I came to this post because I am researching how to consolidate the logs a bit. I have more AH APs than the User-ID agent allows. I will look into Kiwi or a second User-ID agent. 

--
0 Likes Likes

SHMSIT
L0 Member

‎12-10-2021 09:17 AM

I had to set this aside due to other priorities, but am back on it.

 

To date I haven't figured this out and am surprised that Extreme and Palo Alto don't have documentation or a best practices guide on this. I know I'm not the only Extreme/Palo Alto customer.

 

Right now I have the data coming in from Extreme to Kiwi Syslog and I can see it all.

 

The challenge I'm still trying to sort out is how to get it over to the Palo Alto device.

 

@Sau29Admin are you saying that you are sending it from a syslog server to the Palo Alto User-ID agent?

 

I'm using the User-ID agent to get User-ID's off wired clients.

 

Thanks!

0 Likes Likes

A_Armstrong
L0 Member

‎04-20-2022 09:13 PM

Hi,

 

Just in case you come across this thread extreme has come with a solution to populate userid thru api.   Have a look here.  It might work for you.

 

https://www.extremenetworks.com/partners/integration-partners/ Scroll down to Palo Alto

 

 

0 Likes Likes
  • 4313 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks