This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Ruckus and Palo Alto User-ID on Guest Network (two different network addresses)

tony_cable
New Contributor II

‎11-06-2014 08:02 AM

Hi

We have a Ruckus zonedirector 1100 and a Palo Alto firewall.

We have 3 wi-fi networks set up. In simple terms, one internal, two on a different network.

The zone director has a 10.35.x.x address, the other networks have a 172.16.x.x address. One of the network's requires the user's to log in via there active directory credentials, and i am trying to set up the palo alto to monitor this network so i can see who has done what.

I’m assuming that I connect the palo alto to the ruckus syslog somehow, but I can’t work out how to monitor the 172.16 network.

The internal network is monitoring fine (but then again it should, as it's on the same network and part of the active directory network), but the guest network i can't seem to monitor.

Can anyone point me in the right direction please.

If you need any further information regarding my set up, please let me know

Thanks

Tony
16 REPLIES 16

dilojunior
New Contributor III

‎01-23-2015 08:17 AM

Hey Tony, take a look at this topic https://forums.ruckuswireless.com/ruc...

We also discussed the integration between Ruckus and PA. Maybe it can help you.

Cheers.
0 Kudos

tony_cable
New Contributor II

‎01-26-2015 07:04 AM

Hi Odilo

I'm trying this, from your other link, but i'm slightly confused with one of the steps.

your adding a Server Monitoring for the Zone Director, type syslog server. What IP address do i put in there? The IP for the zone director, or the IP for the management interface (or something else).

Whatever i put in, i don't seem to be getting a source user mapping.

Also, for the Username Regex section, our usernames are letters and numbers, so i changed it to sta_name(?:=.*\\|=)([a-z0-9]+); Is that correct?

Thanks
0 Kudos

tony_cable
New Contributor II

‎01-27-2015 05:11 AM

Don't worry, managed to sort it out. Done it in a slightly different way to what you have outlined above, but it is finally starting to sort itself out and filter correctly on the guest network.

Thanks all for help and suggestions.
0 Kudos

dilojunior
New Contributor III

‎01-27-2015 08:01 AM

Hi, good that is working now.
Answering your question, on Server Monitoring you should add the ZD IP, that is sending the logs to the PA, kind of allowing that IP to send syslog events.

About the regex, I have used this site to test the Regex patterns regex101.com.

Can you explain to us how you managed to work ?

Thanks, cheers.
0 Kudos

tony_cable
New Contributor II

‎01-27-2015 08:34 AM

it was more or less the same as above, but i couldn't get it to work as a Regex Identifier. It was getting the logs, but wasn't identifying the success ones, so i changed it to field identifier, and it now all appears to be working fine.

The next stage is to tidy it up so it's not sending so many logs to the Palo Alto, but it is identifying devices correctly and applying the right filters.
0 Kudos
Copyright © 2024 Khoros, LLC