User's Manual
71 | Wireless configuration HP Cloud Network Manager | User Guide
5. Select the required Bonjour support services. To allow all services, select ALLOWALL.
6. Based on the services configured, you can block any user roles and VLANs from accessing a Bonjour support
service. The user roles and VLANs marked as disallowed are prevented from accessing the
corresponding Bonjour support service. You can create a list of disallowed user roles and VLANs for all Bonjour
support services configured on the AP. For example, if the AirPlay service is selected, the Edit links for
AIRPLAY DISALLOWED ROLES and AIRPLAY DISALLOWED VLANS are displayed. Similarly, if the sharing
service is selected, the Edit links for SHARING DISALLOWED ROLES and SHARING DISALLOWED
VLANS are displayed.
- To block user roles from accessing a Bonjour support service, click the corresponding Edit link and select
the user roles for which you want to restrict access. By default, a Bonjour support service is accessible by
all user roles configured in your AP cluster.
- To block VLANs from accessing a Bonjour support service, click the corresponding Edit link and
select the VLANs to exclude. By default, the Bonjour support services are accessible by users or devices in
all VLANs configured in your AP cluster.
Integrating an AP with Palo Alto Networks firewall
The Palo Alto Networks (PAN) next-generation firewall offers contextual security for all users so that
applications can be enabled safely. A simple firewall that relies only on basic IP addresses or TCP port numbers
provides only a subset of the enhanced security that enterprises require to secure their networks. In the context
of businesses using social networking sites, legacy firewalls are not able to differentiate valid authorized users
from casual social networking users.
The Palo Alto next-generation firewall is based on user ID, which provides many methods for connecting to
sources of identity information and associating them with firewall policy rules. For example, it provides an option to
gather user information from an Active Directory or LDAP server.
Integration with Cloud Network Manager
The user ID functionality provided by the PAN firewall requires the collection of information from the
network. The AP maintains network information (such as IP address mappings) and user information for its clients
in the network and can provide the information required for the user ID feature on the PAN firewall. Before sending
the user-ID mapping information to the PAN firewall, the AP must retrieve an API key that is used for authentication
for all APIs.
AP and PAN firewall integration can be seamless with the XML-API that is available with PAN-OS 5.0 or later.
To integrate an AP with PAN user ID, a global profile is added. This profile can be configured on an AP with PAN
firewall information such as IP address, port, user name, password, and firewall enabled or disabled status.
The AP sends messages to PAN based on the type of authentication and client status:
- After a client completes the authentication and is assigned an IP address, the AP sends a login message.
- After a client is disconnected or dissociated from the AP, the AP sends a logout message.
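As an added illustration (not taken from this guide or from the AP's firmware), the sketch below builds the API key request and the login and logout messages described above. It assumes the PAN-OS XML API's `keygen` and `user-id` request types and its `uid-message` payload, since the guide does not show the AP's actual messages; all user names, addresses and the key are constructed sample values.

```python
# Added illustration: PAN-OS XML API User-ID messages for client login/logout.
# Users, IP addresses and the API key below are constructed sample values.
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

def keygen_request(username, password):
    """Form body for the API key request (POSTed to https://<firewall>/api/)."""
    return urlencode({"type": "keygen", "user": username, "password": password})

def parse_keygen_response(xml_text):
    """Extract the API key; raise if the firewall reported an error."""
    root = ET.fromstring(xml_text)
    key = root.findtext("./result/key")
    if root.get("status") != "success" or not key:
        raise ValueError("keygen failed: " + (root.findtext(".//msg") or "no key"))
    return key

def uid_message(logins=(), logouts=(), timeout=None):
    """Build one <uid-message> carrying login and/or logout user-to-IP mappings."""
    msg = ET.Element("uid-message")
    ET.SubElement(msg, "version").text = "1.0"
    ET.SubElement(msg, "type").text = "update"
    payload = ET.SubElement(msg, "payload")
    for tag, events in (("login", logins), ("logout", logouts)):
        if not events:
            continue
        section = ET.SubElement(payload, tag)
        for user, ip in events:
            attrs = {"name": user, "ip": ip}
            if tag == "login" and timeout is not None:
                attrs["timeout"] = str(timeout)  # optional mapping timeout
            ET.SubElement(section, "entry", attrs)
    return ET.tostring(msg, encoding="unicode")

def userid_request(api_key, message_xml):
    """Form body for the User-ID update; a POST body keeps the key out of URLs."""
    return urlencode({"type": "user-id", "action": "set",
                      "key": api_key, "cmd": message_xml})

if __name__ == "__main__":
    sample = ('<response status="success"><result>'
              '<key>SAMPLEKEY123</key></result></response>')
    key = parse_keygen_response(sample)
    login = uid_message(logins=[("corp\\alice", "10.0.20.15")], timeout=60)
    logout = uid_message(logouts=[("corp\\alice", "10.0.20.15")])
    print(userid_request(key, login))
    print(userid_request(key, logout))
```

Both request bodies should travel over HTTPS with certificate verification enabled, because the first carries the firewall administrator password and the second carries the API key.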
Configuring an AP for PAN integration
To configure an AP for PAN firewall integration:
1. Select Wireless Configuration > Services. The Services pane is displayed.
2. Click NETWORK INTEGRATION. The PAN firewall configuration options are displayed.
3. Select ENABLE to enable PAN firewall.
4. Specify the USERNAME and PASSWORD. Ensure that you provide user credentials of the PAN firewall
administrator.
5. Enter the PAN firewall IP ADDRESS.