04-04-2022 05:56 AM
Good morning,
I am attempting to set up our Palo Alto Firewalls to use certificate authentication by sending our login information to ISE using RADIUS and having ISE look up the identity in Active Directory as an external authentication source. I realize I can just set up our Palos to do LDAP with AD and perform authentication and authorization, but our network security team would like to keep control of the authorization piece instead of relying on the server team to determine who and what kind of access people have to the firewalls. Is this something that will work? I see the connection to ISE over RADIUS and that I can select an external authentication source for the account used in ISE, but so far nothing is working.
04-04-2022 01:49 PM
Check out these articles. If you have a Device Admin License and want to use TACACS+ to log into the Palo Alto firewall, then Palo Alto has the steps:
How to configure TACACS authentication against Cisco ISE
If you'd rather use RADIUS to log in to the firewall, use this entry:
Configuring Palo Alto Administrator Authentication with Cisco ISE (Radius)
04-04-2022 02:02 PM
I don't want to do either of these things. I want to send my credentials to ISE using RADIUS and for ISE to authenticate those credentials against Active Directory.
04-04-2022 03:10 PM - edited 04-04-2022 03:15 PM
The second link shows how to do this.
Else, use this:
Configure RADIUS Authentication
You'll have to add the firewall as a NAD in a Network Device Group. Then you can use that NDG as a condition for a Policy Set to authenticate to ISE. MS-CHAPv2 is the default protocol that Palo Alto Firewalls use for this.