Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
757
Views
0
Helpful
3
Replies

INTEGRATING CISCO ISE GUEST AUTHENTICATION WITH PAN-OS

Go to solution
craiglebutt
Level 4
Level 4

‎11-12-2018 04:03 AM

Hi

 

I've been playing around with this for a while, and now got it working.

Have a slight issue.

 

When a new guest joins, for example Bob Builder, ISE gives him account of Bbuilder, he connects through a sponsored portal, changes his password ext, starts to surf, the traffic is then captured on the Palo Alto, with the Bbuilder.

Bob stops using his device.  Them 40 mins later start using it again, but he is still connected to the wlan, not prompted to enter username.  But when he surfs now, he username is no longer showing up in source name on the palo alto.

 

 

Any ideas on how to get him to authenticate again or keep passing the details though.  Is there a session timer some where on the ISE that needs changing?

 

 

cheers

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎11-12-2018 04:15 AM

Craig I assume you’re basing access of the guest remember functionally described here? And using syslog sent to PAN from ISE? likely you will need to run ise 2.4


https://community.cisco.com/t5/security-documents/ise-2-3-remember-me-guest-using-guest-endpoint-group-logging/ta-p/3641150


View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎11-12-2018 04:15 AM

Craig I assume you’re basing access of the guest remember functionally described here? And using syslog sent to PAN from ISE? likely you will need to run ise 2.4


https://community.cisco.com/t5/security-documents/ise-2-3-remember-me-guest-using-guest-endpoint-group-logging/ta-p/3641150


0 Helpful

Go to solution
craiglebutt
Level 4
Level 4
In response to Jason Kunst

‎11-12-2018 04:27 AM

HI


Cheers for quick response, currently on 2.2, scheduling upgrade 2.4 In Jan

 

cheers

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to craiglebutt

‎11-12-2018 04:30 AM

So is my assumption correct? You’re using syslog and running into this issue?

Also for now the would need to remove the remember me if they want tracking every time

Basic non remember me credentialed flow in the guest deployment guide


https://community.cisco.com/t5/security-documents/ise-guest-access-prescriptive-deployment-guide/ta-p/3640475
0 Helpful
Customers Also Viewed These Support Documents