Configure Cisco ISE with RADIUS for Palo Alto Networks

Configure Cisco ISE with RADIUS for Palo Alto Networks

Created On 09/25/18 17:30 PM - Last Modified 04/21/20 00:20 AM



Hello everyone, this is Ion Ermurachi from the Technical Assistance Center (TAC) Amsterdam.
In this video, I am going to demonstrate how to configure Cisco ISE 2.1 with RADIUS vendor ID for Palo Alto Networks and its associated VSAs. Vendor for PANW is 25461 and at the moment of recording there are 10 VSAs.

Let's open Cisco ISE and to dictionary the new RADIUS VSAs.

We will go to Policies > Dictionaries, then select System, go under RADIUS, go under Radius Vendor list and then click on Add; for the name I will choose PaloAltoNetworks, vendor ID is 25461, click Submit.

Then chosoe PaloAltoNetworks and under Dictionary Attributes, we will add the list of VSAs, the 10 attributes. Let's start with number 1.

#1 PaloAlto-Admin-Role
#2 PaloAlto-Access-Domain
#3 PaloAlto-Panorama-Admin-Role
#4 PaloAlto-Access-Domain
#5 PaloAlto-User-Group
#6 PaloAlto-User-Domain
#7 PaloAlto-Source-IP
#8 PaloAlto-PaloAlto-Client-OS
#9 PaloAlto-Client-Hostname
#10 PaloAlto-GlobalProtect-Version

As an extra step, I will add a new network device profile.

Go under Administration > Network Resources > Network Device Profile, then click Add, Palo Alto Networks device profile for name. I would like to change the icon, choose vendor as other.

I will put vendor as other, RADIUS as support protocols, and choose Palo Alto Networks; then click Submit.

Now you can see the Palo Alto Networks device profile and the Palo Alto Networks logo.

That would be all. Thanks for watching and see you in the next video.

Additional Information

To find the Palo Alto Networks RADIUS dictionary, click the below link.

  • Print
  • Copy Link

Choose Language