Fortinet black logo

Palo Alto Networks Integration

Home FortiNAC-F 7.2.0 Palo Alto Networks Integration
7.2.0
7.4.0
7.2.0

What it Does

What it Does

The following features operate independently of each other. Both can be configured, if desired.

Syslog Management

Syslog Integration enables FortiNAC to respond based on Syslog messages sent from the

Palo Alto firewall. These messages provide information FortiNAC can use to

send notifications (such as email), or take action against the associated host, such as disabling the host or marking it at risk.

Single Sign-On (SSO)

Provides automatic application of Palo Alto firewall policies to hosts connecting to the network. This is achieved through the use of XML API messaging sent from FortiNAC to a Single Sign-On Agent configured in the firewall. With this information, the firewall can apply user-specific policies.

VPN

FortiNAC controls access to the remote user’s device connecting over the VPN. In order for the device to be able to gain access the network, FortiNAC must know about the connecting device and verify the device is in good standing.

  1. When a user connects to the VPN tunnel, the device is restricted.

  2. FortiNAC identifies the device as known and trusted.

  3. Firewall tags are sent to the Palo Alto so the correct policy is matched and device is

    unrestricted.

If configured for endpoint compliance, the device’s security posture is evaluated. Network access is restricted upon failure. Click on the desired feature to proceed:

Syslog Management

Single Sign-On (SSO)

VPN Integration

Previous
Next

What it Does

The following features operate independently of each other. Both can be configured, if desired.

Syslog Management

Syslog Integration enables FortiNAC to respond based on Syslog messages sent from the

Palo Alto firewall. These messages provide information FortiNAC can use to

send notifications (such as email), or take action against the associated host, such as disabling the host or marking it at risk.

Single Sign-On (SSO)

Provides automatic application of Palo Alto firewall policies to hosts connecting to the network. This is achieved through the use of XML API messaging sent from FortiNAC to a Single Sign-On Agent configured in the firewall. With this information, the firewall can apply user-specific policies.

VPN

FortiNAC controls access to the remote user’s device connecting over the VPN. In order for the device to be able to gain access the network, FortiNAC must know about the connecting device and verify the device is in good standing.

  1. When a user connects to the VPN tunnel, the device is restricted.

  2. FortiNAC identifies the device as known and trusted.

  3. Firewall tags are sent to the Palo Alto so the correct policy is matched and device is

    unrestricted.

If configured for endpoint compliance, the device’s security posture is evaluated. Network access is restricted upon failure. Click on the desired feature to proceed:

Syslog Management

Single Sign-On (SSO)

VPN Integration

Previous
Next