Security

Expand all | Collapse all

Extreme Control Appliance as accounting proxy for sso

  • 1.  Extreme Control Appliance as accounting proxy for sso

    Posted 12-07-2018 11:53
    Hello,

    is it possible to use control appliance/engine as accounting proxy for sso on firewalls?

    situation:
    Control appliance/engine is set as radius & accounting server.
    We like to forward accounting information to firewall for using SSO and authentication based policy on firewall.

    Is this possible and is it possible without NMS ADV & Connect-API?


  • 2.  RE: Extreme Control Appliance as accounting proxy for sso

    Posted 12-07-2018 15:45
    What brand of firewall?


  • 3.  RE: Extreme Control Appliance as accounting proxy for sso

    Posted 12-07-2018 16:04
    I'd like to know in general, so the firewall brand is not so important.
    In one special case it's Watchguard.


  • 4.  RE: Extreme Control Appliance as accounting proxy for sso

    Posted 12-07-2018 16:25
    I know it can be done on Fortigate and Palo Alto, but you need the Advanced version and be able to utilize the connect api.


  • 5.  RE: Extreme Control Appliance as accounting proxy for sso

    Posted 12-09-2018 15:33
    NMS-ADV is needed. You can use different modules to achieve this. the most generic one is for LightSpeed and you can use it for Sonicwall firewall and for CheckPoint also.

    https://github.com/extremenetworks/Integrations/blob/master/README.md


  • 6.  RE: Extreme Control Appliance as accounting proxy for sso

    Posted 02-15-2021 10:17

    Do we have any updates here regarding sso forwarding?

    Is it now possible to create "connect modules" yourself? If so, is there any documentation?



  • 7.  RE: Extreme Control Appliance as accounting proxy for sso

    Posted 02-15-2021 14:20

    Hi PeterK

    Connect modules are delivered/developed/maintained by Extreme. You can create your own “middleware” that will use Connect or XMC through NBI.



  • 8.  RE: Extreme Control Appliance as accounting proxy for sso

    Posted 02-15-2021 15:33

    thank you.

    Just to prevent a misunderstanding, there is no other way to send only radius accounting information to other radius servers or devices like firewalls?

    In NAC AAA you can define uplink radius servers and enable “Proxy RADIUS Accounting Requests”

    But from my understanding I can’t use this, when my local control-engines handle the complete authentication process, right?



  • 9.  RE: Extreme Control Appliance as accounting proxy for sso

    Posted 02-15-2021 15:50

    But “create connect module” and “send radius accounting” are two different questions… Thank you for request to clarification.

     

    I am using “LightSpeed Systems” connect module to send radius accounting messages to 3rd party solutions. The module sends the info if both IP and Username is known.

     

    Proxy Radius Accounting (Radius server settings) is used only if Proxy to upstream Radius server is used (AAA rules)