Ruckus and Palo Alto User-ID on Guest Network (two different network addresses)

tony_cable
New Contributor II
Hi

We have a Ruckus ZoneDirector 1100 and a Palo Alto firewall.

We have 3 wi-fi networks set up. In simple terms, one internal, two on a different network.

The ZoneDirector has a 10.35.x.x address, the other networks have a 172.16.x.x address. One of the networks requires the users to log in via their Active Directory credentials, and I am trying to set up the Palo Alto to monitor this network so I can see who has done what.

I’m assuming that I connect the Palo Alto to the Ruckus syslog somehow, but I can’t work out how to monitor the 172.16 network.

The internal network is monitoring fine (but then again it should, as it's on the same network and part of the Active Directory network), but the guest network I can't seem to monitor.

Can anyone point me in the right direction, please?

If you need any further information regarding my setup, please let me know.

Thanks

Tony
16 REPLIES

michael_brado
Esteemed Contributor II
I'm not familiar with Palo Alto FWs, but I know they can inspect packets to look for
viruses, etc. I don't know your router configuration or where the ZD connects into
the network. If you use three different VLANs to segment your three WLANs, and
can monitor your Internal 10.35.x.x, then does the PANW box have an interface on
your 10.35.x.x network too? If so, does it have another port that can connect to the
172.16.x.x VLAN/subnet? It may take an interface on the VLAN/subnet to do its
inspection/FW duties. I suspect you would have a PANW interface on 172.16.x.x
and would specify their IP as your AD server, if you are logging in guest users via
their AD. If they only want Syslog, you can point to any IP host as an external
Syslog recipient.

lukas_josuhn
New Contributor III
Look into this: https://github.com/cesanetwan/uid-rad...

This is a PowerShell or VisualBasic script, which listens to RADIUS authentications and which is able to send the user to the User-ID agent.

It's a little bit tricky to install but it's working.

lukas_josuhn
New Contributor III
As the link was cut:
https://github.com/cesanetwan/ uid-radius-script-ps/
(please remove the blank space after the dash)
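
An added example, not part of the thread and not code from the linked script: the mapping step described in the reply above, turning RADIUS accounting events into a PAN-OS User-ID XML API `uid-message` update. The event records, the `EXAMPLE` domain, the rule that maps `user@realm` to that domain, and the 172.16.0.0/16 guest range are constructed assumptions; delivery to the firewall or agent is left out.

```python
import ipaddress
import xml.etree.ElementTree as ET

GUEST_NET = ipaddress.ip_network("172.16.0.0/16")  # assumption: the thread's 172.16.x.x
# Constructed accounting events (RADIUS attribute names, invented values).
SAMPLE_EVENTS = [
    {"User-Name": "EXAMPLE\\alice", "Framed-IP-Address": "172.16.4.20", "Acct-Status-Type": "Start"},
    {"User-Name": "bob@example.local", "Framed-IP-Address": "172.16.9.7", "Acct-Status-Type": "Start"},
    {"User-Name": "EXAMPLE\\carol", "Framed-IP-Address": "10.35.1.15", "Acct-Status-Type": "Start"},
    {"User-Name": "EXAMPLE\\alice", "Framed-IP-Address": "172.16.4.20", "Acct-Status-Type": "Stop"},
    {"User-Name": "EXAMPLE\\dave", "Framed-IP-Address": "not-an-ip", "Acct-Status-Type": "Start"},
]

def normalize_user(name, default_domain="EXAMPLE"):
    """Return DOMAIN\\user for DOMAIN\\user, user@realm or a bare user name."""
    name = name.strip()
    if "\\" in name:
        domain, user = name.split("\\", 1)
    elif "@" in name:
        user, domain = name.split("@", 1)[0], default_domain  # assumption: one AD domain
    else:
        domain, user = default_domain, name
    return f"{domain.upper()}\\{user.lower()}"

def build_uid_message(events, timeout="60"):
    """Build a uid-message update holding only guest-subnet logins and logouts."""
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    payload = ET.SubElement(root, "payload")
    login, logout = ET.SubElement(payload, "login"), ET.SubElement(payload, "logout")
    for ev in events:
        try:
            ip = ipaddress.ip_address(ev.get("Framed-IP-Address", ""))
        except ValueError:
            continue  # malformed address: never forward it to the firewall
        if ip not in GUEST_NET or not ev.get("User-Name"):
            continue  # outside the guest range (e.g. 10.35.x.x) or no user name
        attrs = {"name": normalize_user(ev["User-Name"]), "ip": str(ip)}
        if ev.get("Acct-Status-Type") == "Start":
            ET.SubElement(login, "entry", dict(attrs, timeout=timeout))
        elif ev.get("Acct-Status-Type") == "Stop":
            ET.SubElement(logout, "entry", attrs)
    for section in (login, logout):
        if len(section) == 0:
            payload.remove(section)  # omit empty sections
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(build_uid_message(SAMPLE_EVENTS))
```

Restricting the mapping to the guest range and dropping malformed addresses keeps a misbehaving or spoofed accounting source from overwriting user mappings for the internal network.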