Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Extreme Networks User-ID to PanOS 10.x?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Extreme Networks User-ID to PanOS 10.x?

L0 Member

We moved to a setup with Extreme Networks and Palo Alto a few months back.

 

On the wireless side, our users connect using Extreme's (originally Aerohive's) PPSK, which has user-ID info. We'd like that user-id to show up in PanOS.

 

I was sent this document but it appears to be out of date (it's from 2013), the script definitely is out of date: https://manualzz.com/doc/23623919/aerohive-and-palo-alto-networks

 

Is anyone else doing this? Is there any new guidance from PaloAlto on how to accomplish this integration?

 

Thanks!

 

+++Jeff

4 REPLIES 4

L4 Transporter

I have the same Issue

I'm working with the same link, I tuning the code to forward logs from Kiwi syslog to the firewall

PCSPI, PCNSCx3,PCNSEx4,, PCSAE,PCDRA, ISC2 CC

L0 Member

Did you figure this out?

I am sending syslogs from each Aerohive AP to a PA User-ID Agent on a server. They are then sent to my PA FW. 

 

I had to reformat the syslog filter to :

type Field

event string : ah_auth

Username Prefix : username

Username Delimiter: \s

address prefix: ip

Address Delimiter: \s

Address per log: 1

 

I came to this post because I am researching how to consolidate the logs a bit. I have more AH APs than the User-ID agent allows. I will look into Kiwi or a second User-ID agent. 

--

L0 Member

I had to set this aside due to other priorities, but am back on it.

 

To date I haven't figured this out and am surprised that Extreme and Palo Alto don't have documentation or a best practices guide on this. I know I'm not the only Extreme/Palo Alto customer.

 

Right now I have the data coming in from Extreme to Kiwi Syslog and I can see it all.

 

The challenge I'm still trying to sort out is how to get it over to the Palo Alto device.

 

@Sau29Admin are you saying that you are sending it from a syslog server to the Palo Alto User-ID agent?

 

I'm using the User-ID agent to get User-ID's off wired clients.

 

Thanks!

L0 Member

Hi,

 

Just in case you come across this thread extreme has come with a solution to populate userid thru api.   Have a look here.  It might work for you.

 

https://www.extremenetworks.com/partners/integration-partners/ Scroll down to Palo Alto

 

 

  • 4237 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!