Greetings all, I'm wondering if anyone else is using Cisco ISE for network access control and has experience integrating it to publish User ID to the Palo Alto firewalls? I saw a support article for it but the regex appears to be out of date. I found another guide somewhere else that suggested using field identifiers instead of regex, which is what I did. I now can get User ID for devices logging in to an 802.1x SSID, for example.

My next challenge is devices that use MAC authorization, or MAB. I know this isn't really a recommended practice, but since we have on-campus housing, we need to support some SSIDs/networks that utilize this for all of those consumer devices that don't support better security like 802.1x. I believe ISE is publishing these RADIUS connections to the firewall; however, they appear as device MAC addresses, which is going to make user-based firewall rules difficult.

I know the username for the device when logging in to a MAB-protected network technically is the MAC address, but we've used a previous solution for network access control that would instead publish the owner's username (i.e. the username they used to register/enroll the device), and I'm wondering if there is another way to implement the ISE/Palo connection that would give us the owner's username for these connections vs the MAC address? Thanks!