Alcatel-Lucent AOS-W 6.5.3.x

To Next Page

To Previous Page

690| Palo Alto Networks Firewall Integration AOS-W 6.5.3.x| User Guide

Certificate Management

The issuer certificate of the x509 server certificate used by the Palo Alto Networks firewall must be imported

into all master and local switches as a trusted CA in order to establish a secure HTTPS connection between the

firewall and that switch.

User-ID Support

The administrator must configure firewall policies based on user-name and/or user-group. Additionally, correct

configuration of connection to directory servers is needed for user-group based policies on the PANfirewall.

Device-Type Based Policy Support

The switch supports a limited number of device types. The identified device type associated with each IP user

will be sent to the PANin the client-version field with the host-info category of the HIP-report.

PANadministrators must create these HIP objects, which filter the HIP-reports sent from the switch to support

device-type based firewall policies.

Table 153 lists the HIPobjects with a specified Is Value in the Client Version field, which must be

preconfigured on the PANfirewall.

Table 153: HIP Objects

Client Version IsValue

Android

Apple

AppleTV

BlackBerry

Chrome OS

iPad

iPhone

iPod

Kindle

Linux

Nintendo

Nintendo 3DS

Nintento Wii

Alcatel-Lucent AOS-W 6.5.3.x - Page 690