We have a Ruckus zonedirector 1100 and a Palo Alto firewall.
We have 3 wi-fi networks set up. In simple terms, one internal, two on a different network.
The zone director has a 10.35.x.x address, the other networks have a 172.16.x.x address. One of the network's requires the user's to log in via there active directory credentials, and i am trying to set up the palo alto to monitor this network so i can see who has done what.
I’m assuming that I connect the palo alto to the ruckus syslog somehow, but I can’t work out how to monitor the 172.16 network.
The internal network is monitoring fine (but then again it should, as it's on the same network and part of the active directory network), but the guest network i can't seem to monitor.
Can anyone point me in the right direction please.
If you need any further information regarding my set up, please let me know
it was more or less the same as above, but i couldn't get it to work as a Regex Identifier. It was getting the logs, but wasn't identifying the success ones, so i changed it to field identifier, and it now all appears to be working fine.
The next stage is to tidy it up so it's not sending so many logs to the Palo Alto, but it is identifying devices correctly and applying the right filters.