10-02-2017 11:54 AM
I have a wide array of devices in my environment and was wondering if there are any Network Device Profiles for Fortinet and Palo Alto devices?
10-02-2017 12:02 PM
Network device profiles are used for wired, wireless and VPN use cases.
https://communities.cisco.com/docs/DOC-64547
The vendors you mention aren’t used for user connectivity to the network.
Fortinet, I believe, is used as a firewall for perhaps internet connectivity, and all that can be done is perhaps log guest traffic? There are community posts on that.
Palo Alto is another firewall, but I don't currently see any integration from them. This is also not a valid case. For example, Checkpoint is able to use TrustSec SGT (Scalable Group Tags) to match policies shared via pxGrid.
It would be best to research what each device is used for and the possible integration behind that. And if you have further questions, please reach out.
10-02-2017 12:09 PM
Thanks Jason, I am mainly interested in the Fortinets because we are implementing an SD-WAN solution and the Fortinets will be passing some of that traffic.
I also would like to have the profiles so that I would be able to properly classify the devices within ISE. We do our TACACS authentication and authorization through ISE and can't label those devices correctly right now.
Thanks,
Niko Zivanovich
10-02-2017 12:24 PM
There are no network device profiles because Fortinet doesn’t do wired/wireless or VPN connectivity for the end users. You don’t add Fortinet devices to ISE.
If you are talking about profiling the network access devices just to see what is out there then make sure after ISE is up and running.
I still don’t see the use case and how it integrates with ISE.
For TACACS it's fairly straightforward. You add the network access device that needs to process device admin. There are no profiles to handle this. It should work as long as they follow the standards.
If there are still problems, you can work with the TAC as well for troubleshooting.
10-02-2017 12:34 PM
Easier shown in the picture below. I will be adding the Fortinet firewalls, switches, and controllers into ISE for the TACACS authentication. Currently I am only able to classify those devices as Cisco, HP, Aruba, Brocade, and Ruckus; I was hoping to add other vendor device profiles so that I could classify my network devices correctly.
10-02-2017 01:07 PM
Please follow the process here and work with the TAC:
https://communities.cisco.com/docs/DOC-64547
Then please share.
10-03-2017 06:24 AM
For TACACS+, there is no special config needed for the NAD Profile. If you simply wish to have the option to select a certain vendor, then I suggest simply adding a new profile (give it a name, set vendor to "Other", enable TACACS+, and optionally set the icon and description to the specific vendor).
/Craig
01-22-2020 02:30 PM
Hi Jason,
Do we have a Network Device Profile for Broadcom switches? If so, is there any documentation on the same that can be used to create the profile?
Thanks
Sampath
01-29-2020 10:40 AM
Unfortunately we don't have everything out there. I'd work with Broadcom to see what they need as well, and please share if not already here.