Dell PowerConnect W Clearpass 100 Software Palo Alto Networks User-ID Services - Page 9


Page 9 highlights

Configuring the Palo Alto Networks User-ID Service

To configure the Palo Alto Networks plugin:

1. Click on the Configuration option of the Palo Alto Networks Plugin shown in the Manage Plugins list.

2. To start the XML API service, click the Enable checkbox to enable the plugin.

   Amigopod leverages its advanced RADIUS authentication engine to allow the Palo Alto Networks XML API calls to be made every time there is a successful RADIUS login or logout. As the description implies, the API calls are triggered by the receipt of RADIUS accounting start and stop messages. The Wired or Wireless Access Controller must therefore be configured correctly to support RADIUS accounting; otherwise the Palo Alto Networks firewall will not be updated with the real-time user identity information.

3. Configure the following settings:

   • User-ID Agent: The IP address of the User-ID Agent installed on the Windows host must be configured at this step. The Palo Alto Networks firewall does not accept direct API calls, and all communications must flow through the User-ID Agent, so it is critical that this IP address is that of the Agent and not of the firewall itself.
   • Port Number: The default port on which the Palo Alto Networks User-ID Agent listens for inbound XML API calls is 5006. This is user configurable on both the Amigopod and the User-ID Agent.
   • Username Prefix: The Palo Alto Networks plugin versions 0.7.0 and later allow you to optionally specify a prefix to add to usernames, e.g., GUEST\
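The accounting-to-mapping step described in step 2, as an added example (not Amigopod's plugin code, which this page does not show): it turns RADIUS accounting Start/Stop records into the uid-message login/logout XML documented for the PAN-OS User-ID XML API, applies the Username Prefix, and reports records that cannot yield a user-to-IP mapping. The function name, the dict-shaped records and the sample data are assumptions, as is the plugin sending exactly this payload; nothing is transmitted to an agent.

```python
import ipaddress
import xml.etree.ElementTree as ET

TAG_FOR_STATUS = {"Start": "login", "Stop": "logout"}

# Constructed sample accounting records (documentation-range IPs).
SAMPLE = [
    {"Acct-Status-Type": "Start", "User-Name": "alice", "Framed-IP-Address": "192.0.2.10"},
    {"Acct-Status-Type": "Stop", "User-Name": "bob", "Framed-IP-Address": "192.0.2.11"},
    {"Acct-Status-Type": "Interim-Update", "User-Name": "carol", "Framed-IP-Address": "192.0.2.12"},
    {"Acct-Status-Type": "Start", "User-Name": "dave"},  # controller sent no client IP
    {"Acct-Status-Type": "Start", "User-Name": 'eve" ip="192.0.2.99', "Framed-IP-Address": "192.0.2.13"},
]

def build_uid_message(records, prefix=""):
    """Return (xml_text, skipped) for a batch of RADIUS accounting records."""
    entries = {"login": [], "logout": []}
    skipped = []
    for rec in records:
        tag = TAG_FOR_STATUS.get(rec.get("Acct-Status-Type"))
        user, ip = rec.get("User-Name"), rec.get("Framed-IP-Address")
        if tag is None:
            skipped.append((rec, "not an accounting start/stop"))
            continue
        try:
            ipaddress.ip_address(ip or "")
        except ValueError:
            skipped.append((rec, "no usable Framed-IP-Address"))
            continue
        if not user:
            skipped.append((rec, "no User-Name"))
            continue
        entries[tag].append({"name": prefix + user, "ip": ip})
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    payload = ET.SubElement(root, "payload")
    for tag in ("login", "logout"):
        if entries[tag]:
            section = ET.SubElement(payload, tag)
            for attrs in entries[tag]:
                # ElementTree escapes attribute values, so a hostile
                # User-Name cannot break out of name="...".
                ET.SubElement(section, "entry", attrs)
    return ET.tostring(root, encoding="unicode"), skipped

if __name__ == "__main__":
    xml_text, skipped = build_uid_message(SAMPLE, prefix="GUEST\\")
    print(xml_text)
    for rec, why in skipped:
        print("skipped:", rec.get("User-Name"), "-", why)
```

The skipped list is the part worth monitoring: an access controller that omits Framed-IP-Address from accounting produces no mapping, which is the silent failure the page describes for misconfigured RADIUS accounting.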


Amigopod | Technical Note: Palo Alto Networks User-ID Services | 9