Integration between Aruba Controller and PaloAlto 7.1

Salam Alycom

you can make integration between Palo Alto And Aruba Controller to get User IP Map from Aruba to Plao Alto by using XML-API Tech .

what you need is only follow the steps in this link

Click to access SG_PaloAltoNetworks.pdf

its good document from aruba but really i face issue and the integration  after upgrade Plao Alto from 7.0 to 7.1 , but after some analysis and open case with palo alto i note aruba refuse the PaloAlto certificate is unknown cert.

for that you need to make the following configuration after finish the documentation steps

1 in paloalto Firewall

A- Create certificate  and i recommend the following link

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Generate-a-New-Self-Signed-SSL-Certificate/ta-p/53215

after that download the certificate and save it folder

B- Create SSL/TLS Profile

device >certificate Management > SSL/TLS service Profile > add > “add any name and choose cerificate that you create it before and save and commit

C- after that go to device>setup>Management>general Settings > ssl/tls service profile”choose SSL profile that you created it before ” , and  commit

 

2 Aruba Controller Side

Configuration > Certificates > upload

add any name

upload paloAlto Cert

Passphrase (optional)  : “Leave it blank ”

Certificate Format  : PEM

Certificate Type : trusted CA

 

after finish you can check it by the following command

in aruba

(Master) #show pan state

Palo Alto Networks Servers Connection State[PA-3060]
—————————————————-
Firewall State
——– —–
“PaloAlto ip”:443 UP[05/09/16 12:32:13]Established

in paloalto

show user ip-user-mapping all

in from section you must see some user  “XMLAPI”

 

 

Ahmed Omar