This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Nonaxium
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Nonaxium
12-13-2020
3Posts
0Likes
0Solutions
Dec 13, 2020Last Visited
User
Activity
User
Profile
Latest posts by Nonaxium
| Subject | Views | Posted |
|---|---|---|
| 2194 | 12-12-2020 09:25 PM | |
| 2470 | 12-12-2020 09:09 PM | |
| 2603 | 12-11-2020 01:51 PM |
User Badges
Community Statistics
| Member Since | 12-11-2020 01:39 PM |
| Date Last Visited | 12-13-2020 12:46 AM |
| Posts | 3 |
12-12-2020
09:25 PM
You are correct in the fact that it is not fully installed....we are 85% installed. We are able to move devices into the quarantine VLAN through our connection at the switch level. After is it in the quarantine zone, it supposed to be routed to the splash page of the NAC solution, but the PA acting as their layer 3 routing device is not routing it to the NAC. We have tried static routing and PBF and the devices never get to the splash page. It just times out. Getting this, what I have always considered a simple process, routing to the splash page is the only step left and the NAC implementation is complete. The PANOS is the only thing I cant figure out at this point..all other services and applications in this solution are working.
... View more
12-12-2020
09:09 PM
The NAC solution that we are trying to implement is more than just used/machine identification. It provides compliance and regulatory checks, verifies software is not on a known vulnerable version, validates A/V is installed among others. I would usually implement at a root switch operating at with a static route, but in this instance, the layer 3 device is the PA. I considered setting up an additional virtual network on the PA with a static route just for the NAC to route the quarantine VLAN to the NAC splash page until authentication is done and then the device is removed from the quarantined VLAN and is routing normally. This is the only thing that I can think of right now. A Palo friend of mine told me that PAN can only PBF from a layer 3 device to a layer 3 device and that is why the redirect to the NAC on a layer 2 switch is not working, but I am still trying to clarify that.
... View more
12-11-2020
01:51 PM
We are trying to implement a NAC solution. The basics are that the NAC is connected to the switch stack and upon sensing a device connecting, it checks it for authentication against the NAC and if it fail it quarantines it into a specific VLAN. That part is working. The next step WOULD be that when the device goes to make a connection somewhere and upon hitting the Palo Alto (They are using the Palo Alto for Layer 3) the VLAN it is in SHOULD route it to the authentication page of the NAC and allow them to login and then the NAC would remove it from the quarantine VLAN and place it in the proper and routable VLAN. This part is not working. We have tried a few way to get the Palo Alto to direct all traffic in the quarantine VLAN to a specific IP (Internal Auth Page of the NAC) and nothing we have done is getting it to actually do the redirect........ Thoughts, suggestions, help, I am a PA newb, but have configured these with Cisco PBR's all day long and never had an issue............and Google has not been my friend!! Thanks in advance if you can help
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks