This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to integrate between Ruckus and Palo Alto

teeraphol_sukpr
New Contributor II

‎10-11-2014 09:23 AM

Hi everyone,

I have some problem about how to integrate between Ruckus and Palo Alto.

The Palo Alto need the Ruckus syslog message which contain the IP and username for creating the policy but I tried to set Ruckus to send the syslog to Palo Alto but in the syslog messages are contain username and MAC address.

Do you have any idea how to set the Ruckus to send IP and username in syslog message of if you have any way for integration, please advice me.
9 REPLIES 9

michael_brown_5
New Contributor III

‎10-12-2014 03:43 PM

I actually looked into this a while ago and I believe the correct solution would be to have Palo Alto implement Radius accounting SSO. We have a Sonicwall that does this and several other vendors offer similar capabilities but Palo Alto does not :-(. When I was in talks with them they said that the only way this would be possible was to have a one of their solutions providers come up with a solution. I am guessing they would just come up with a Radius accounting to syslog translator which you can most likely do yourself if you want using Freeradius.

I would recommend asking Palo Alto to implement Radius accounting SSO. Hopefully if enough people ask they will add that feature. If they ask you can tell them that this is one of the reasons why we stopped looking at them.
0 Kudos

bill_burns_6069
Contributor III

‎10-14-2014 09:36 AM

Teeraphol:

I'm not aware (offhand) of a way for a PaloAlto firewall to consume syslog information.

What are you trying to achieve?
PaloAlto has Active Directory (and other?) integration features that help it determine what user is using which computer.
(in case you want to use PaloAlto user-based ACLs?)

Are your users not using Active Directory?
If that's the case, you may be able to configure the Ruckus for Radius authentication and use an AD machine as your radius server.

If that doesn't solve your problem, please provide more detail re: what your goals are.
0 Kudos

nick_khor
New Contributor II
In response to bill_burns_6069

‎12-22-2014 05:48 PM

I believed his goal is to find out the Domain User Authenticated device, not the Domain Hardware Authenticated device.

For example, a domain user's Android is authenticated, he is in the network and got an IP. But ZD doesn't know the Android's IP and PanOS can't recognize the Android's username.
0 Kudos

dilojunior
New Contributor III

‎12-05-2014 11:25 AM

It is really simple actually.
After 9.8 you are able to get the user login and IP from the syslog information. So you just need to forward the syslog from ZD to PA management IP (remember enable the Syslog listener on the iface) or to a machine running the Palo Alto User-ID agent. In case of 802.1x.

In case you are using AD auth, you can simply install and run the PA User-ID on your AD server.

Of course, both cases you need to configure your PA to receive information from the agents or SysLog events filters.

It works pretty good!
0 Kudos
Copyright © 2024 Khoros, LLC