TACACS attribute for FG/CP/PAN

Anjan Das
Level 1

Hi Team,

Please suggest the attributes for Fortinet FW, Palo Alto FW and Checkpoint FW to authenticate through TACACS+ on ISE.

I am not able to find the right attribute.

Regards

Anjan

Accepted Solutions

Craig Hyps
Level 10

Not clear on the ask. Often the integration is to validate the authentication of a specific user via the TACACS+ protocol. It is possible to perform authorization, and ISE should be able to return whichever attribute is expected by the NAD as an authorization. Best to refer to individual vendor docs for the specific use case you need.

Craig

hslai
Cisco Employee

Craig is correct.

Fortinet FW does not appear to use its Vendor-specific attributes. Checkpoint seems to be using privilege levels, per Best Practices - Configuring Cisco ACS 5 server for TACACS+ authentication with Gaia OS. Palo Alto Networks appears to be using admin roles, per How to configure Tacacs authentication with Palo Alto Networks firewall - Live Community.