Tuesday, November 5, 2019

ACCESS SEGMENTATION USING WIRELESS AP WITH PALO ALTO


On our wireless controller, we implement AD authentication (without certificates), and the wireless controller is connected to the
Once the user authenticates through AD and joins the wireless network, the Palo-Alto Firewall can see that John Smith has joined the network from device A (some IP). Right?
Does the Palo-Alto Firewall also have the ability to search for groups to which John Smith belongs? (e.g. Corporate, Room103, etc.)
If the answer to both of these questions is yes, can we then create a rule on the Palo-Alto firewall saying:

If the user belongs to the AD Room103 group, he may have access to certain resources on the network (i.e. things in Room 103's VLAN).

The objective is to use a firewall to segment access. Therefore, when John Smith enters the system from any device (BYOD), he can have access to his resources without using any kind of machine authentication.

This cannot be part of “best practices”; however, this is not a concern. All I want to know is whether it is possible.
