Dell PowerConnect W Clearpass 100 Software Palo Alto Networks User-ID Services - Page 7

Amigopod | Technical Note Palo Alto Networks User-ID Services | 7

3 Network Design

The following diagram shows a sample network architecture where a typical Guest Access network is delivered by an Aruba Networks wireless solution. The Aruba controller that performs authentication and access control tasks for the wireless users has been complemented by the integration of both the Amigopod and Palo Alto Networks technology.

It should be noted that the integration with Palo Alto Networks technology is possible using other Amigopod-supported NAS devices such as wireless/wired controllers from other enterprise manufacturers.

An integral part of Palo Alto Networks' current User-ID solution is the User-ID Agent, which is installed on a Windows host machine on the network. For the Microsoft Active Directory integration, the User-ID Agent is installed on a domain workstation or server and uses a domain account that has access to the Active Directory tree.

For the Amigopod integration, the User-ID Agent can be installed on any network-connected Windows host that has IP access to both the Palo Alto Networks firewall and the Amigopod Visitor Management Appliance.

As can be seen in the above diagram, the User-ID Agent deployed in the sample network design has been allocated an IP address of 10.0.20.53 and communicates with both the Amigopod and the Palo Alto Networks firewall across the local network.

Once the Palo Alto Networks firewall is configured to support the User-ID service as detailed in the next section, an outbound connection will be made to the IP address of the Windows host running the User-ID Agent. It is essential that any host-based firewalling implemented on this Windows device be modified to permit this style of traffic from both the firewall and Amigopod API processes.


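
One way to meet the host firewall requirement above without opening the agent's ports to the whole network, as an added example that is not part of the technical note: create inbound allow rules scoped to the two peers, then list any enabled inbound allow rule that exposes the same ports to any remote address. It assumes a Windows host with the NetSecurity PowerShell module (Windows 8 / Server 2012 or later); the peer addresses, ports and rule names are placeholders, and the `Test-PortCovered` helper is hypothetical.

```powershell
# Added example, not from the technical note. Addresses and ports are PLACEHOLDERS:
# replace them with the firewall/Amigopod addresses and the ports set in the User-ID Agent.
$peers = @(
    @{ Name = 'User-ID Agent: from PAN firewall'; RemoteAddress = '192.0.2.10'; LocalPort = 5007 },
    @{ Name = 'User-ID Agent: from Amigopod';     RemoteAddress = '192.0.2.20'; LocalPort = 5006 }
)

# The firewall's "outbound" connection arrives INBOUND on the agent host.
foreach ($p in $peers) {
    # Idempotent: skip if a rule with this display name already exists.
    if (-not (Get-NetFirewallRule -DisplayName $p.Name -ErrorAction SilentlyContinue)) {
        $rule = @{
            DisplayName   = $p.Name
            Direction     = 'Inbound'
            Action        = 'Allow'
            Protocol      = 'TCP'
            LocalPort     = $p.LocalPort
            RemoteAddress = $p.RemoteAddress   # only this peer may connect
        }
        New-NetFirewallRule @rule | Out-Null
    }
}

# Hypothetical helper: does a port filter value ('Any', '5007', '5000-5010', or a list) cover $Port?
function Test-PortCovered([string[]]$Spec, [int]$Port) {
    foreach ($s in $Spec) {
        if ($s -eq 'Any' -or $s -eq "$Port") { return $true }
        if ($s -match '^(\d+)-(\d+)$' -and $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) {
            return $true
        }
    }
    return $false
}

# Audit: enabled inbound allow rules that reach the agent ports from ANY remote address.
# Program-scoped rules are reported too and need manual review.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
    $fwRule = $_
    $pf = $fwRule | Get-NetFirewallPortFilter
    $af = $fwRule | Get-NetFirewallAddressFilter
    foreach ($p in $peers) {
        if ($pf.Protocol -in 'TCP', 'Any' -and (Test-PortCovered $pf.LocalPort $p.LocalPort) -and
            $af.RemoteAddress -contains 'Any') {
            [pscustomobject]@{ Rule = $fwRule.DisplayName; Port = $p.LocalPort; RemoteAddress = 'Any' }
        }
    }
}
```

An empty audit result means only the peer-scoped rules admit traffic to those ports; any row returned is a broader rule to tighten or disable.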