Aerohive and Palo Alto Networks. Partner Solution Brief

Size: px
Start display at page:

Download "Aerohive and Palo Alto Networks. Partner Solution Brief"

Transcription

1 Aerohive and Palo Alto Networks Partner Solution Brief

2 Introduction Now that connecting wirelessly is the norm and users have multiple devices they use for business critical and personal activities, having a solution that can identify and enforce network access based on identity, device type, location, and time of day is critical to support and maintain a mobility-optimized network. Aerohive and Palo Alto Networks have joined together to provide next-generation application visibility and control for the mobile-first community. Aerohive s application visibility and policy enforcement functionality provides an administrator with extremely detailed and granular information and controls to optimize user application experience at the edge of the network. Aerohive can customize how applications are prioritized, de-prioritized, or blocked based on all available context, including identity of the user, device type, location on the network, and the time of day. This is extremely useful for ensuring that traffic is appropriately categorized and potentially blocked before it ever even gets onto the network infrastructure, saving valuable resources and providing an extra layer of security. However, many networks require aggregated controls as well as edge-based enforcement, and when you combine the Aerohive mobility-optimized access layer with Palo Alto Network s next-generation firewall, administrators get a comprehensive solution that provides best-of-breed content security and application monitoring for all users and devices connected to the network. Aerohive has the advantage of knowing all the available user context because devices are connecting and users are authenticating to the access points and switches directly in order to gain access to the network. Palo Alto Networks firewalls, on the other hand, are generally installed at the gateway to the network, and have visibility into everything coming or going in aggregate, but the user context is often obscured due to all the network infrastructure between the gateway and the connected client. Together Aerohive and Palo Alto Networks solve the problems of the mobile first enterprise by combining information about user context with application visibility and controls. The Aerohive and Palo Alto Networks Solution Aerohive s Cooperative Control networking infrastructure equipment along with Palo Alto Networks next-generation firewalls provide a comprehensive and robust solution for optimizing the user experience on a mobile first network. Together the solution provides many benefits, including: Enhanced UserID Visibility and Enforcement Aerohive devices can provide user identity, device type, and IP address information to the Palo Alto Networks firewalls to enhance the UserID functionality that allows Palo Alto Networks firewalls to make policy decisions based on context Client-less Operation Aerohive learns the context based on existing interaction between the connected clients and the Aerohive devices, so no client or profile need be installed on the client devices. Comprehensive Application Visibility and Control Together, Aerohive and Palo Alto Networks allow administrators to enforce application controls at both the edge of the network and at the gateway, ensuring applications are identified and prioritized/de-prioritized/blocked based on context at the ideal enforcement point Zero-Cost Data Performance Because this integration relies on information already available to Aerohive devices as part of normal authentication, there is no in-line performance hit for using this integration to enhance application control on the network.

3 Aerohive and Palo Alto Networks Solution Brief How It Works The Aerohive and Palo Alto Networks solution works with Aerohive HiveOS 5.1r3 version or later and Palo Alto Networks PAN-OS version 4.0 or later. The solution requires the Aerohive administrator to set up syslog logging for Aerohive devices and point them at a syslog server that is capable of running scripts. The script then parses the necessary user details and sends it to a server running the PAN UID-API agent, which in turn updates the PAN firewall with the context-enhanced User ID information. Step-by-Step 1. Configure Authentication At the heart of this solution is the requirement for the Aerohive devices to know the identity of the user accessing the network. The three most common ways Aerohive can identify a specific user are A) 802.1X or WPA2-Enterprise; B) Private Pre-Shared Key; or, C) Captive Web Portal. Therefore, the first step is to configure the Aerohive devices with SSIDs or ports that require one of these types of authentication. Copyright 2013, Aerohive Networks, Inc. 3

4 2. Configure Syslog The second step is to configure the Aerohive devices to report the information they know to a syslog server. This can be configured per network policy in the Additional Settings Management Settings section. Once the policy is configured and pushed to the Aerohive devices, HiveOS will begin generating logs that include the user identity, IP address, and operating system and will send them to the configured syslog server. Sample logs look like the following: 802.1X: :06:05 info ah auth: Station 1cab:a7e6:cf7f ip username astrong hostname Strong-iPad3-6 OS Apple ios PPSK: :43:18 info ah_auth: Station 1cab:a7e6:cf7f ip username Buster Keaton hostname Strong-iPad3-6 OS Apple ios CWP: :50:46 info ah_auth: Station 1cab:a7e6:cf7f ip username hostname Strong-iPad3-6 OS Apple ios 3. Scripted info sent to UID-API Once the logs are collected in the syslog server, a script can parse the bolded information and collate it into a format the Palo Alto UID-API can deliver to the Palo Alto Networks firewall. There are 2 major parts to the script data extraction and push to agent. Within the data extraction portion, a regular expression is used to parse the username, IP address, and operating system of the connected client. One important note is that depending on how the network authentication is configured, it may be necessary to append the domain information to the username if it is not included in the log information. Sample script written for Kiwi Syslog Server: ' Copyright (c) 2013 Palo Alto Networks, Inc. ' ' Permission to use, copy, modify, and distribute this software for any 4 Copyright 2013, Aerohive Networks, Inc.

5 Aerohive and Palo Alto Networks Solution Brief ' purpose with or without fee is hereby granted, provided that the above ' copyright notice and this permission notice appear in all copies. ' ' THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES ' WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF ' MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ' ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES ' WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ' ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF ' OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ' 'Script takes syslog output sent from an Aerohive device to a Kiwi syslog server and updates user data 'log data is expected to look like: :06:05 info ah auth: Station 1cab:a7e6:cf7f ip username astrong hostname Strong-iPad3-6 OS Apple ios Function Main() 'Kiwi syslog requires the content of the script to be contained in a Main() function '----CHANGE THESE TO MATCH AGENT OR FIREWALL---- stragentserver=" " stragentport="5006" '----CHANGE THIS TO MATCH AD DOMAIN NAME!---- strdomain = "Corp" '-----ADD API KEY HERE FOR AGENTLESS OPERATION strkey="" set xmlhttp = CreateObject("Msxml2.ServerXMLHTTP") strlog = Fields.VarCleanMessageText 'This is a Kiwi variable for the content of the log message ptrn = "ip (\d+\.\d+\.\d+\.\d+).*username (\w+).*hostname (.*) OS (.*)" if InStr(strLog,"n/a")=0 then 'Will not run script if there is no username '// Create the regular expression. Set re = New RegExp re.pattern = ptrn re.ignorecase = False re.global = True '// Perform the search. Set Matches = re.execute(strlog) Copyright 2013, Aerohive Networks, Inc. 5

6 '// Collect matches and assign the user and address to variables set omatch = Matches(0) struser = omatch.submatches(1) straddress = omatch.submatches(0) strhost = omatch.submatches(2) stros = omatch.submatches(3) '// Build the XML message strxmlline = "<uid-message><version>1.0</version><type>update</type><payload><login>" strxmlline = strxmlline & "<entry name=""" & strdomain & "\" & struser & """ ip=""" & straddress & """/>" if strkey!="" then strxmlline = strxmlline & "<hip-report><md5-sum>ae413e22b34a76366a542a1dd9b1108a</md5-sum><user-name> " & struser & "</user-name><domain>" & strdomain & "</domain><host-name>"& strhost & "</host-name><ip-address>"& straddress & "</ip-address><generate-time>" & Now & "</generate-time><categories><entry name=""" & "host-info" & """><client-version></client-version><os>" & stros & "</os><os-vendor></os-vendor><domain></domain><host-name>android</host-name </entry></categories></hip-report> end if strxmlline = strxmlline & "</login></payload></uid-message>" '// '// Post to the UID agent '// Const SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS = If strkey="" then 'Posting to software agent '// Post data to Agent surl = "https://" & stragentserver & ":" & stragentport & "/" On Error Resume Next xmlhttp.open "put", surl, False xmlhttp.setrequestheader "Content-type", "text/xml" xmlhttp.setoption 2, SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS xmlhttp.send strxmlline 6 Copyright 2013, Aerohive Networks, Inc.

7 Aerohive and Palo Alto Networks Solution Brief xmlhttp.close else 'posting to firewall agent '//Post using REST API surl = "https://" & stragentserver & "/api/?type=user-id&action=set&key=" & strkey & "&cmd=" & strxmlline On Error Resume Next xmlhttp.open "put", surl, False xmlhttp.setrequestheader "Content-type", "text/xml" xmlhttp.setoption 2, SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS xmlhttp.send xmlhttp.close end if end if Main="OK" 'return value for Kiwi End Function 4. Create Rules in Palo Alto Networks firewall Once you have the additional UserID information, the Palo Alto Networks firewall can enforce policies based on available context, such as membership group, device type, or IP address. Summary Next-generation networking requires knowledge of user identity, device type, location, and time to enforce granular policies that allow users to access the network according to their context. By combining two best-of-breed solutions, Aerohive Networks and Palo Alto Networks allow customers to optimize mobility and ensure security with granular, context-based application visibility and policy enforcement both at the edge and at the gateway. Together the solution provides unprecedented visibility, monitoring, and policy controls for a mobile first enterprise. Copyright 2013, Aerohive Networks, Inc. 7

8 About Aerohive People want to work anywhere; on any device, and IT needs to enable them -- without drowning in complexity or compromising on security, performance, reliability or cost. Aerohive's mission is to Simpli-Fi these enterprise access networks with a cloud-enabled, self-organizing, service-aware, identity-based infrastructure that includes innovative Wi-Fi, VPN, branch routing and switching solutions. Aerohive was founded in 2006 and is headquartered in Sunnyvale, Calif. The company's investors include Kleiner Perkins Caufield & Byers, Lightspeed Venture Partners, Northern Light Venture Capital, New Enterprise Associates, Inc. (NEA) and Institutional Venture Partners (IVP). For more information, please visit call us at , follow us on subscribe to our blog, join our community or become a fan on our Facebook page.. About Palo Alto Networks Palo Alto NetworksTM next-generation firewalls enable unprecedented visibility and granular policy control of applications and content by user, not just IP address at 20 Gbps network throughput levels. Based on patent- pending App-IDTM technology, Palo Alto Networks firewalls accurately identify and control applications regardless of port, protocol, evasive tactic or SSL encryption and scan content to stop threats and prevent data leakage. Enterprises can, for the first time, embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation Corporate Headquarters International Headquarters Aerohive Networks, Inc. Aerohive Networks Europe LTD 330 Gibraltar Drive The Court Yard Sunnyvale, California USA West Street Phone: Farnham, Surrey, UK, GU9 7DR Toll Free: (0) Fax: Fax: + 44 (0)

Seven Guidelines to Support Standardized Testing

Seven Guidelines to Support Standardized Testing Solution Brief Seven Guidelines to Support Standardized Testing Using Wi-Fi to Enable Online Student Assessments Introduction With a nearly $400 million dollar investment from the US Department of Education,

More information

Aerohive Client Management

Aerohive Client Management Solution Brief Aerohive Client Management Context-Based Access & Device Controls for a Mobile First Enterprise Introduction BYOD and the Consumerization of IT have redefined how administrators manage their

More information

HiveManager Client Management

HiveManager Client Management Solution Brief HiveManager Client Management Context-Based Access & Device Controls for a Mobile First Enterprise Introduction BYOD and the Consumerization of IT are changing enterprise networking. Just

More information

Solution Brief. Branch on Demand. Extending and Securing Access Across the Organization

Solution Brief. Branch on Demand. Extending and Securing Access Across the Organization Solution Brief Branch on Demand Extending and Securing Access Across the Organization Branch on Demand Extending Access to Corporate Resources Across the Organization As organizations extend corporate

More information

Smart Mobility Platform for Retailers

Smart Mobility Platform for Retailers Solution Brief Smart Mobility Platform for Retailers Drive Traffic, Loyalty, and Sales with Effective, Easy-to-Manage Mobility Solutions At A Glance Aerohive solutions for retail provide a range of mobility

More information

Aerohive and JAMF Software

Aerohive and JAMF Software Aerohive and JAMF Software Simplified & Powerful Management & Enrollment for Apple Platforms Partner Solution Brief Introduction The Aerohive and JAMF Software Solution Aerohive Cooperative Control Wi-Fi

More information

Solution Brief. Branch on Demand. Extending and Securing Access Across the Organization

Solution Brief. Branch on Demand. Extending and Securing Access Across the Organization Solution Brief Branch on Demand Extending and Securing Access Across the Organization Extending Access to Corporate Resources Across the Organization As organizations extend corporate capabilities to teleworkers

More information

solution brief ID Manager Leverage the Cloud to Simplify and Automate Enterprise Guest Management

solution brief ID Manager Leverage the Cloud to Simplify and Automate Enterprise Guest Management solution brief ID Manager Leverage the Cloud to Simplify and Automate Enterprise Guest Management Several trends have recently emerged to ignite the requirement for enterprise guest management. One is

More information

Wi-Fi Security. More Control, Less Complexity. Private Pre-Shared Key

Wi-Fi Security. More Control, Less Complexity. Private Pre-Shared Key Wi-Fi Security More Control, Less Complexity Private Pre-Shared Key Mobility Meets Security Are the consumer devices in your environment exploding? Are your employees bringing their own devices? And has

More information

Application Visibility and Control

Application Visibility and Control Solution Brief Application Visibility and Control Context-based Visibility, Prioritization, and Enforcement Enhancing Cooperative Control Infrastructure with Application Awareness Modern IT administrators

More information

Wireless LAN Best Practices for Compliant Care

Wireless LAN Best Practices for Compliant Care Compliance Whitepaper Wireless LAN Best Practices for Compliant Care Ensuring HIPAA Compliance to Reduce WLAN Risk Introduction Innovations in healthcare technology have greatly improved patient care and

More information

Aerohive Private PSK. solution brief

Aerohive Private PSK. solution brief Aerohive Private PSK solution brief Table of Contents Introduction... 3 Overview of Common Methods for Wi-Fi Access... 4 Wi-Fi Access using Aerohive Private PSK... 6 Private PSK Deployments Using HiveManager...

More information

Trends in Wireless Networking for Healthcare Organizations

Trends in Wireless Networking for Healthcare Organizations Trends in Wireless Networking for Healthcare Organizations Healthcare IT professionals are addressing new challenges and choices as their organizations increasingly rely on wireless networks to access

More information

Ubiquitous Wireless Network for Law Firms and Legal Offices

Ubiquitous Wireless Network for Law Firms and Legal Offices Ubiquitous Wireless for Law Firms and Legal Offices white paper Ubiquitous Wireless Network for Law Firms and Legal Offices Empowering attorneys, legal agency workers and enforcement personnel with Simple,

More information

Cloud Services Platform

Cloud Services Platform whitepaper Cloud Services Platform Security and Availability Controls Table of Contents Offering Statement... 3 Data Centers... 3 Software Upgrades... 4 Data Protection... 4 Availability... 5 Technology...

More information

White Paper. Retail Made Personal. Make the shopping experience personal, relevant, and profitable

White Paper. Retail Made Personal. Make the shopping experience personal, relevant, and profitable White Paper Retail Made Personal Make the shopping experience personal, relevant, and profitable Executive Summary For retailers, the goal is attracting, keeping, and upselling loyal customers. Today,

More information

Cloud Services Platform. Security and Availability Controls Overview

Cloud Services Platform. Security and Availability Controls Overview Cloud Services Platform Security and Availability Controls Overview Table of Contents Offering Statement... 3 Data Centers... 3 Software Upgrades... 4 Data Protection... 5 Availability... 6 Technology...

More information

Rethink Your Branch Network Strategy

Rethink Your Branch Network Strategy white paper Rethink Your Branch Network Strategy Create More Flexible, More Productive Branch Networks Table of Contents Introduction... 3 The Challenge of Mission Critical Remote Workers... 4 Where to

More information

Radio Resource Management in HiveOS. solution brief

Radio Resource Management in HiveOS. solution brief Radio Resource Management in HiveOS solution brief Radio Resource Management in HiveOS Introduction As enterprise wireless LANs have grown from a curiosity providing access in conference rooms into the

More information

Solution Brief. Aerohive and OpenDNS. Advanced Network Security for Retail Stores

Solution Brief. Aerohive and OpenDNS. Advanced Network Security for Retail Stores Solution Brief Aerohive and OpenDNS Advanced Network Security for Retail Stores Introduction Protecting your retail business requires security for all users and devices connected to the network, regardless

More information

SIMPLI-FI NETWORKING. WiFi Wired Cloud Branch On-Demand

SIMPLI-FI NETWORKING. WiFi Wired Cloud Branch On-Demand SIMPLI-FI NETWORKING. WiFi Wired Cloud Branch On-Demand Aerohive addresses one of the key issues that companies like us have with controller-based access points. We have some larger sites, but also quite

More information

Bring Your Own Device:

Bring Your Own Device: Bring Your Own Device: Finding the perfect balance between Security, Performance, Flexibility & Manageability SECURELINK WHITEPAPER 2012 By Frank Staut Management summary This white paper discusses some

More information

Healthcare Solution Brief. Simpli-fi Point of Care Solution Improving patient care with a simple, cost-effective and resilient wireless network

Healthcare Solution Brief. Simpli-fi Point of Care Solution Improving patient care with a simple, cost-effective and resilient wireless network Healthcare Solution Brief Simpli-fi Point of Care Solution Improving patient care with a simple, cost-effective and resilient wireless network Simpli-fi Point of Care with Aerohive Solutions At A Glance

More information

Connected Store & Restaurant in a Box

Connected Store & Restaurant in a Box Solution Brief Connected Store & Restaurant in a Box Enabling Rapid Connectivity for the Leading Retail Point of Sale Introduction Physical retailers, including restaurants, seek to attract, keep, and

More information

The Importance of Building High-availability Wireless LANs. white paper

The Importance of Building High-availability Wireless LANs. white paper The Importance of Building High-availability Wireless LANs white paper THE DE-EVOLUTION OF HIGH AVAILABILITY IN WIRELESS LANS The last 5 years of enterprise wireless LANs have enabled IT professionals

More information

Palo Alto Networks User-ID Services. Unified Visitor Management

Palo Alto Networks User-ID Services. Unified Visitor Management Palo Alto Networks User-ID Services Unified Visitor Management Copyright 2011 Aruba Networks, Inc. Aruba Networks trademarks include Airwave, Aruba Networks, Aruba Wireless Networks, the registered Aruba

More information

About the VM-Series Firewall

About the VM-Series Firewall About the VM-Series Firewall Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 http://www.paloaltonetworks.com/contact/contact/

More information

Branch Router Buyer s Guide

Branch Router Buyer s Guide 2012-2013 Branch Router Buyer s Guide The definitive guide for evaluating branch networks Copyright 2013, Aerohive Networks, Inc. 1 Introduction Today s enterprise IT department faces a number of conflicting

More information

Configuring User Identification via Active Directory

Configuring User Identification via Active Directory Configuring User Identification via Active Directory Version 1.0 PAN-OS 5.0.1 Johan Loos johan@accessdenied.be User Identification Overview User Identification allows you to create security policies based

More information

User-ID Features. PAN-OS New Features Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks

User-ID Features. PAN-OS New Features Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks User-ID Features PAN-OS New Features Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 http://www.paloaltonetworks.com/contact/contact/

More information

Radius Integration Guide Version 9

Radius Integration Guide Version 9 Radius Integration Guide Version 9 Document version 9402-1.0-18/10/2006 2 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but

More information

Viewing Palo Alto Networks as a Strategic Network Security Platform

Viewing Palo Alto Networks as a Strategic Network Security Platform Viewing Palo Alto Networks as a Strategic Network Security Platform IANS WORKING KNOWLEDGE SERIES CASE STUDY 2010 About Capital Region Health Care (CRHC) and Concord Hospital CRHC includes Concord Hospital,

More information

Building Secure Wireless LAN. white paper

Building Secure Wireless LAN. white paper Building Secure Wireless LAN white paper Table of Contents Introduction... 3 Holistic Security Approach... 3 Deploying a Secure WLAN... 4 Wireless Privacy... 4 Authentication... 6 Client Management and

More information

GlobalProtect Overview

GlobalProtect Overview GlobalProtect Overview Whether checking email from home or updating corporate documents from the airport, the majority of today's employees work outside the physical corporate boundaries. This increased

More information

BR100 Router Branch Router with built-in 802.11n

BR100 Router Branch Router with built-in 802.11n datasheet BR100 Router Branch Router with built-in 802.11n The Aerohive Networks BR100 Router marries 802.11n performance, enterprise security and advanced wired/wireless management with cloud computing

More information

High Availability Configuration Guide Version 9

High Availability Configuration Guide Version 9 High Availability Configuration Guide Version 9 Document version 9402-1.0-08/11/2006 2 HA Configuration Guide IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable

More information

Optimizing Network and Client Performance Through Dynamic Airtime Scheduling. white paper

Optimizing Network and Client Performance Through Dynamic Airtime Scheduling. white paper Optimizing Network and Client Performance Through Dynamic Airtime Scheduling white paper Table of Contents Introduction... 3 Mixed Data Rates in Traditional Wireless LANs... 3 Aerohive QoS... 7 Dynamic

More information

The Benefits of Cloud Networking Enable cloud networking to lower IT costs & boost IT productivity

The Benefits of Cloud Networking Enable cloud networking to lower IT costs & boost IT productivity white paper The Benefits of Cloud Networking Enable cloud networking to lower IT costs & boost IT productivity Introduction The pressure for organizations, in the public or private sector, to reduce costs

More information

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us

More information

What s Next for the Next Generation Firewall Vendor Palo Alto Networks Overview. October 2010 Matias Cuba - Regional Sales Manager Northern Europe

What s Next for the Next Generation Firewall Vendor Palo Alto Networks Overview. October 2010 Matias Cuba - Regional Sales Manager Northern Europe What s Next for the Next Generation Firewall Vendor Palo Alto Networks Overview October 2010 Matias Cuba - Regional Sales Manager Northern Europe About Palo Alto Networks Palo Alto Networks is the Network

More information

Architecting User Identification (User-ID) Deployments

Architecting User Identification (User-ID) Deployments Architecting User Identification (User-ID) Deployments Strategies and Tactics guide PANOS 5.0+ Table of Contents SECTION 1: USER IDENTIFICATION SOFTWARE COMPONENTS EXTERNAL SYSTEMS REFERENCED BY USER IDENTIFICATION

More information

Placing the BlackBerry Enterprise Server for Microsoft Exchange in a demilitarized zone

Placing the BlackBerry Enterprise Server for Microsoft Exchange in a demilitarized zone Placing the for Originally posted: June 2002 Affected software versions BlackBerry Enterprise version 2.0 for Microsoft Exchange version 2.1 for Microsoft Exchange version 3.5 for Microsoft Exchange Summary

More information

ADS Integration Guide

ADS Integration Guide ADS Integration Guide Document version 9402-1.0-18/10/2006 Cyberoam ADS Integration Guide IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of

More information

May 2010. Palo Alto Networks 232 E. Java Drive Sunnyvale, CA 94089 408-738-7700 www.paloaltonetworks.com

May 2010. Palo Alto Networks 232 E. Java Drive Sunnyvale, CA 94089 408-738-7700 www.paloaltonetworks.com Application Visibility and Control: In the Firewall vs. Next to the Firewall How Next-Generation Firewalls are Different From UTM and IPS-based Products May 2010 Palo Alto Networks 232 E. Java Drive Sunnyvale,

More information

User-ID. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks

User-ID. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks User-ID Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us

More information

Fortigate Features & Demo

Fortigate Features & Demo & Demo Prepared and Presented by: Georges Nassif Technical Manager Triple C Firewall Antivirus IPS Web Filtering AntiSpam Application Control DLP Client Reputation (cont d) Traffic Shaping IPSEC VPN SSL

More information

Palo Alto Networks Gets Top Marks for Solving Bandwidth and Security Issues for School District

Palo Alto Networks Gets Top Marks for Solving Bandwidth and Security Issues for School District Palo Alto Networks Gets Top Marks for Solving Bandwidth and Security Issues for School District BACKGROUND Located in British Columbia, Canada, the School District of Chilliwack is a learning community

More information

Installation Guides - Information required for connection to the Goldfields Institute s (GIT) Wireless Network

Installation Guides - Information required for connection to the Goldfields Institute s (GIT) Wireless Network Installation Guides - Information required for connection to the Goldfields Institute s (GIT) Wireless Network Wireless Network Names and Credentials There are two wireless networks operating at the Goldfields

More information

User-ID Best Practices

User-ID Best Practices User-ID Best Practices PAN-OS 5.0, 5.1, 6.0 Revision A 2011, Palo Alto Networks, Inc. www.paloaltonetworks.com Table of Contents PAN-OS User-ID Functions... 3 User / Group Enumeration... 3 Using LDAP Servers

More information

Log Insight Manager. Deployment Guide

Log Insight Manager. Deployment Guide Log Insight Manager Deployment Guide VERSION: 3.0 UPDATED: OCTOBER 2015 Copyright Notices Copyright 2002-2015 KEMP Technologies, Inc.. All rights reserved.. KEMP Technologies and the KEMP Technologies

More information

Microsoft SharePoint

Microsoft SharePoint Microsoft SharePoint VERSION: 1.1 UPDATED: JULY 2014 Copyright 2002-2014 KEMP Technologies, Inc. All Rights Reserved. Page 1 / 13 Copyright Notices Copyright 2002-2014 KEMP Technologies, Inc.. All rights

More information

Network Security for Mobile Users

Network Security for Mobile Users Network Security for Mobile Users Establishing a Logical Perimeter October 2014 Table of Contents Executive Summary 3 The Enterprise Standard of Security 4 Many Ways to Leave the Network 4 A Requiem for

More information

Getting Started with Apple Pay on the Authorize.Net Platform

Getting Started with Apple Pay on the Authorize.Net Platform Title Page Getting Started with Apple Pay on the Authorize.Net Platform September 2014 Authorize.Net Developer Support http://developer.authorize.net Authorize.Net LLC 082007 Ver.2.0 Authorize.Net LLC

More information

Cloud-Managed Mobility Platform for Education

Cloud-Managed Mobility Platform for Education White Paper Cloud-Managed Mobility Platform for Education Enabling modern classrooms to deliver immersive, personalized learning experiences, enhance campus productivity, and adopt new curriculum standards.

More information

Decommissioning the original Microsoft Exchange

Decommissioning the original Microsoft Exchange Decommissioning the original Microsoft Exchange Originally posted: March 2002 Affected software versions BlackBerry Enterprise Server version 2.0 and version 2.1 for Microsoft Exchange (all service pack

More information

Using Palo Alto Networks to Protect the Datacenter

Using Palo Alto Networks to Protect the Datacenter Using Palo Alto Networks to Protect the Datacenter July 2009 Palo Alto Networks 232 East Java Dr. Sunnyvale, CA 94089 Sales 866.207.0077 www.paloaltonetworks.com Table of Contents Introduction... 3 Granular

More information

Tech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks

Tech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks Tech Brief Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks Introduction In today s era of increasing mobile computing, one of the greatest challenges

More information

Secure Cloud-Ready Data Centers Juniper Networks

Secure Cloud-Ready Data Centers Juniper Networks Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security

More information

Deploying Advanced Firewalls in Dynamic Virtual Networks

Deploying Advanced Firewalls in Dynamic Virtual Networks SOLUTION GUIDE Deploying Advanced Firewalls in Dynamic Virtual Networks Enterprise-Ready Security for Network Virtualization 1 This solution guide describes how to simplify deploying virtualization security

More information

Design and Implementation Guide. Apple iphone Compatibility

Design and Implementation Guide. Apple iphone Compatibility Design and Implementation Guide Apple iphone Compatibility Introduction Security in wireless LANs has long been a concern for network administrators. While securing laptop devices is well understood, new

More information

Connectivity to Polycom RealPresence Platform Source Data

Connectivity to Polycom RealPresence Platform Source Data Polycom RealAccess Security White Paper The Polycom RealAccess service is delivered using the Software as a Service (SaaS) model. This white paper outlines how the service protects sensitive customer data

More information

WildFire. Preparing for Modern Network Attacks

WildFire. Preparing for Modern Network Attacks WildFire WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends

More information

How to Configure Captive Portal

How to Configure Captive Portal How to Configure Captive Portal Captive portal is one of the user identification methods available on the Palo Alto Networks firewall. Unknown users sending HTTP or HTTPS 1 traffic will be authenticated,

More information

Case Study - Configuration between NXC2500 and LDAP Server

Case Study - Configuration between NXC2500 and LDAP Server Case Study - Configuration between NXC2500 and LDAP Server 1 1. Scenario:... 3 2. Topology:... 4 3. Step-by-step Configurations:...4 a. Configure NXC2500:...4 b. Configure LDAP setting on NXC2500:...10

More information

Dell One Identity Cloud Access Manager 8.0.1- How to Configure for High Availability

Dell One Identity Cloud Access Manager 8.0.1- How to Configure for High Availability Dell One Identity Cloud Access Manager 8.0.1- How to Configure for High Availability May 2015 Cloning the database Cloning the STS host Cloning the proxy host This guide describes how to extend a typical

More information

User Identification (User-ID) Tips and Best Practices

User Identification (User-ID) Tips and Best Practices User Identification (User-ID) Tips and Best Practices Nick Piagentini Palo Alto Networks www.paloaltonetworks.com Table of Contents PAN-OS 4.0 User ID Functions... 3 User / Group Enumeration... 3 Using

More information

SDN for Wi-Fi OpenFlow-enabling the wireless LAN can bring new levels of agility

SDN for Wi-Fi OpenFlow-enabling the wireless LAN can bring new levels of agility WHITEPAPER SDN for Wi-Fi OpenFlow-enabling the wireless LAN can bring new levels of agility Copyright 2014 Meru Networks, Inc. All rights reserved. Table of Contents Executive summary... 3 Introduction...

More information

Firewall Feature Overview

Firewall Feature Overview Networking P A L O A LT O N E T W O R K S : F i r e w a l l F e a t u r e O v e r v i e w Firewall Feature Overview A next-generation firewall restores application visibility and control for today s enterprises

More information

Using Microsoft Active Directory Server and IAS Authentication

Using Microsoft Active Directory Server and IAS Authentication StoneGate How-To Using Microsoft Active Directory Server and IAS Authentication StoneGate Firewall/VPN 3.0.7 and Management Center 4.1 Table of Contents Basic Scenario...page 3 Configuring a Windows 2003

More information

tech note Palo Alto Networks Next- Generation Firewall and

tech note Palo Alto Networks Next- Generation Firewall and Palo Alto Networks Next- Generation Firewall and Aruba WLAN Integration Table of Contents Overview Why is this Integration Important? Aruba Controller and Palo Alto Networks Firewall Integration Details

More information

White Paper: Managing Security on Mobile Phones

White Paper: Managing Security on Mobile Phones White Paper: Managing Security on Mobile Phones April 2006 Managing Security on Mobile Phones April 2006 Table of Contents Abstract...2 Executive Summary...2 The Importance Of Managing Security On Mobile

More information

Streamlining Web and Email Security

Streamlining Web and Email Security How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor

More information

Technical Brief ActiveSync Configuration for WatchGuard SSL 100

Technical Brief ActiveSync Configuration for WatchGuard SSL 100 Introduction Technical Brief ActiveSync Configuration for WatchGuard SSL 100 October 2009 With ActiveSync, users get push functionality to keep email, calendar, tasks, and contacts up to date on a mobile

More information

App-ID. PALO ALTO NETWORKS: App-ID Technology Brief

App-ID. PALO ALTO NETWORKS: App-ID Technology Brief App-ID Application Protocol Detection / Decryption Application Protocol Decoding Application Signature Heuristics App-ID uses as many as four identification techniques to determine the exact identity of

More information

Virtual LAN Configuration Guide Version 9

Virtual LAN Configuration Guide Version 9 Virtual LAN Configuration Guide Version 9 Document version 96-1.0-12/05/2009 2 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing,

More information

Using Self Certified SSL Certificates. Paul Fisher. Quest Software. Systems Consultant. Desktop Virtualisation Group

Using Self Certified SSL Certificates. Paul Fisher. Quest Software. Systems Consultant. Desktop Virtualisation Group Using Self Certified SSL Certificates Paul Fisher Systems Consultant paul.fisher@quest.com Quest Software Desktop Virtualisation Group Quest Software (UK) Limited Ascot House Maidenhead Office Park Westacott

More information

Preventing Data Leaks At The Firewall A Simple, Cost-Effective Way To Stop Social Security and Credit Card Numbers From Leaving Your Network

Preventing Data Leaks At The Firewall A Simple, Cost-Effective Way To Stop Social Security and Credit Card Numbers From Leaving Your Network Preventing Data Leaks At The Firewall A Simple, Cost-Effective Way To Stop Social Security and Credit Card Numbers From Leaving Your Network December 2008 Palo Alto Networks 232 E. Java Dr. Sunnyvale,

More information

REPORT & ENFORCE POLICY

REPORT & ENFORCE POLICY App-ID KNOWN PROTOCOL DECODER Start Decryption (SSL or SSH) Decode Signatures Policy IP/Port Policy Application Signatures Policy IDENTIFIED TRAFFIC (NO DECODING) UNKNOWN PROTOCOL DECODER Apply Heuristics

More information

Eliminating the cost and complexity of hardware controllers with cloud-based centralized management

Eliminating the cost and complexity of hardware controllers with cloud-based centralized management Eliminating the cost and complexity of hardware controllers with cloud-based centralized management Enterprise-class 802.11n wireless access points Centrally managed over the web Manages devices, applications,

More information

Healthcare Reference Architecture to Support Mobile Access for Point-of-care and Other Critical Applications

Healthcare Reference Architecture to Support Mobile Access for Point-of-care and Other Critical Applications white paper Healthcare Reference Architecture to Support Mobile Access for Point-of-care and Other Critical Applications Introduction...4 Healthcare Reference Architecture...5 Key Architecture Components...6

More information

Accessing BlackBerry Data Services Using Wi-Fi Networks

Accessing BlackBerry Data Services Using Wi-Fi Networks Accessing BlackBerry Data Services Using Wi-Fi Networks 2007 Research In Motion Limited. All rights reserved. 2 of 7 Contents Introduction...3 Wi-Fi access to BlackBerry data services...3 Priority for

More information

RSA Two Factor Authentication. Feature Description

RSA Two Factor Authentication. Feature Description RSA Two Factor Authentication Feature Description VERSION: 3.0 UPDATED: SEPTEMBER 2015 Copyright Notices Copyright 2002 2015 KEMP Technologies, Inc.. All rights reserved.. KEMP Technologies and the KEMP

More information

SSL VPN Client Installation Guide Version 9

SSL VPN Client Installation Guide Version 9 SSL VPN Client Installation Guide Version 9 Document version 96060-1.0-08/10/2009 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing,

More information

Azure Multi-Factor Authentication. KEMP LoadMaster and Azure Multi- Factor Authentication. Technical Note

Azure Multi-Factor Authentication. KEMP LoadMaster and Azure Multi- Factor Authentication. Technical Note KEMP LoadMaster and Azure Multi- Factor Authentication Technical Note VERSION: 1.0 UPDATED: APRIL 2016 Copyright Notices Copyright 2002-2016 KEMP Technologies, Inc.. All rights reserved.. KEMP Technologies

More information

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA

More information

Reinventing Network Security, One Firewall at a Time. Chris King Director, Product Marketing www.paloaltonetworks.com

Reinventing Network Security, One Firewall at a Time. Chris King Director, Product Marketing www.paloaltonetworks.com Reinventing Network Security, One Firewall at a Time Chris King Director, Product Marketing www.paloaltonetworks.com Agenda About Palo Alto Networks The Evolving Nature of Applications Why Traditional

More information

Mobile-first Enterprise: Easing the IT Burden

Mobile-first Enterprise: Easing the IT Burden MOBILE FIRST ENTERPRISE 1 White Paper Mobile-first Enterprise: Easing the IT Burden 10 Requirements for Optimizing Your Network for Mobility 2 MOBILE FIRST ENTERPRISE Table of Contents Executive Summary

More information

PAN-OS Syslog Integration

PAN-OS Syslog Integration PAN-OS Syslog Integration Tech Note Revision M 2012, Palo Alto Networks, Inc. www.paloaltonetworks.com Contents Log Formats...3 TRAFFIC...3 Descriptions...3 Subtype Field...5 Action Field...6 Flags Field...6

More information

ARCHITECT S GUIDE: Mobile Security Using TNC Technology

ARCHITECT S GUIDE: Mobile Security Using TNC Technology ARCHITECT S GUIDE: Mobile Security Using TNC Technology December 0 Trusted Computing Group 855 SW 5rd Drive Beaverton, OR 97006 Tel (50) 69-056 Fax (50) 644-6708 admin@trustedcomputinggroup.org www.trustedcomputinggroup.org

More information

Palo Alto Networks Next-Generation Firewall Overview

Palo Alto Networks Next-Generation Firewall Overview Palo Alto Networks Next-Generation Firewall Overview The firewall is the most strategic network security infrastructure component, it sees all traffic, and as such, is in the most effective location to

More information

IMX Mobile Proxy Administration

IMX Mobile Proxy Administration IMX Mobile Proxy Administration System Manual (v1.0.0 11.07.2013) Copyright This document is Copyright 2013 by etellicom Pty. Ltd. IMX Mobile Proxy Administration Guide Commercial in Confidence Page 1

More information

VM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware

VM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware VM-Series for VMware The VM-Series for VMware supports VMware NSX, ESXI stand-alone and vcloud Air, allowing you to deploy next-generation firewall security and advanced threat prevention within your VMware-based

More information

LDAP Synchronization Agent Configuration Guide for

LDAP Synchronization Agent Configuration Guide for LDAP Synchronization Agent Configuration Guide for Powerful Authentication Management for Service Providers and Enterprises Version 3.x Authentication Service Delivery Made EASY LDAP Synchronization Agent

More information

DIGIPASS Authentication for Cisco ASA 5500 Series

DIGIPASS Authentication for Cisco ASA 5500 Series DIGIPASS Authentication for Cisco ASA 5500 Series With IDENTIKEY Server 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 20 Disclaimer Disclaimer of Warranties and Limitations

More information

The Benefits of SSL Content Inspection ABSTRACT

The Benefits of SSL Content Inspection ABSTRACT The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic

More information

June 2012. Palo Alto Networks 3300 Olcott Street Santa Clara, CA 94089 www.paloaltonetworks.com

June 2012. Palo Alto Networks 3300 Olcott Street Santa Clara, CA 94089 www.paloaltonetworks.com The Application Usage and Risk Report An Analysis of End User Application Trends in the Enterprise Regional Findings Americas (Latin and South America, Canada, U.S.A.) Europe, Africa, Middle East Asia

More information

Mac OS X Lion Server

Mac OS X Lion Server ng Mac OS X Lion Server Charles Edge, Jr. O'REILLY Beijing Cambridge Farnham Kbln Sebastopol Tokyo Table of Contents Preface ix 1. Planning 1 The Minimum 1 Server Allocation 2 Service Allocation 2 Choosing

More information

Cyberoam Configuration Guide for VPNC Interoperability Testing using DES Encryption Algorithm

Cyberoam Configuration Guide for VPNC Interoperability Testing using DES Encryption Algorithm Cyberoam Configuration Guide for VPNC Interoperability Testing using DES Encryption Algorithm Document Version:2.0-12/07/2007 IMPORTANT NOTICE Elitecore has supplied this Information believing it to be

More information