- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
06-07-2021 08:53 AM
We moved to a setup with Extreme Networks and Palo Alto a few months back.
On the wireless side, our users connect using Extreme's (originally Aerohive's) PPSK, which has user-ID info. We'd like that user-id to show up in PanOS.
I was sent this document but it appears to be out of date (it's from 2013), the script definitely is out of date: https://manualzz.com/doc/23623919/aerohive-and-palo-alto-networks
Is anyone else doing this? Is there any new guidance from PaloAlto on how to accomplish this integration?
Thanks!
+++Jeff
07-05-2021 07:31 AM
I have the same Issue
I'm working with the same link, I tuning the code to forward logs from Kiwi syslog to the firewall
11-12-2021 06:06 AM
Did you figure this out?
I am sending syslogs from each Aerohive AP to a PA User-ID Agent on a server. They are then sent to my PA FW.
I had to reformat the syslog filter to :
type Field
event string : ah_auth
Username Prefix : username
Username Delimiter: \s
address prefix: ip
Address Delimiter: \s
Address per log: 1
I came to this post because I am researching how to consolidate the logs a bit. I have more AH APs than the User-ID agent allows. I will look into Kiwi or a second User-ID agent.
12-10-2021 09:17 AM
I had to set this aside due to other priorities, but am back on it.
To date I haven't figured this out and am surprised that Extreme and Palo Alto don't have documentation or a best practices guide on this. I know I'm not the only Extreme/Palo Alto customer.
Right now I have the data coming in from Extreme to Kiwi Syslog and I can see it all.
The challenge I'm still trying to sort out is how to get it over to the Palo Alto device.
@Sau29Admin are you saying that you are sending it from a syslog server to the Palo Alto User-ID agent?
I'm using the User-ID agent to get User-ID's off wired clients.
Thanks!
04-20-2022 09:13 PM
Hi,
Just in case you come across this thread extreme has come with a solution to populate userid thru api. Have a look here. It might work for you.
https://www.extremenetworks.com/partners/integration-partners/ Scroll down to Palo Alto
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!