07-19-2024 04:07 AM
Hi @all,
Is it possible to forward accounting information, like usernames, group names or profile names, from end systems authenticating via PPSK to a firewall?
I want to match firewall rules based on the identities of end systems.
With 802.1X it is possible via RADIUS accounting. But with PPSK?
07-29-2024 02:51 PM
Couple of options:
A) The APs can send information via syslog. I don't know what FW vendor you are using; however, Palo Alto has a syslog listener that can receive this and use a filter to pick up usernames. You can also run the UserID agent on your servers to pick up this data and hold it for the firewall to pick up.
B) RADIUS accounting. Some firewall vendors (I believe Fortinet used to do this, not sure if that's changed) will access RADIUS accounting packets for use in identifying users. https://documentation.extremenetworks.com/XIQC/RADIUS_AUTH_XIQSE/GUID-413668A2-BD89-4FC3-AA7E-941790...
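
For option B, an added example (not from either poster and not any vendor's code) of what a receiver of RADIUS accounting has to do before trusting it for identity-based rules: verify the RFC 2866 Request Authenticator against the shared secret, then map Framed-IP-Address to User-Name. The function names are hypothetical, and `build_request` exists only to construct sample packets.

```python
import hashlib, hmac, ipaddress, struct

ACCT_REQUEST = 4                                   # RADIUS code, RFC 2866
USER_NAME, FRAMED_IP, ACCT_STATUS_TYPE = 1, 8, 40  # attribute types
START, STOP, INTERIM = 1, 2, 3                     # Acct-Status-Type values

def request_authenticator(header, attrs, secret):
    # RFC 2866: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def build_request(ident, attrs, secret):
    """Build a constructed Accounting-Request, used here only as sample input."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(body))
    return header + request_authenticator(header, body, secret) + body

def parse_accounting(packet, secret):
    """Return (user, ip, status) from an authenticated request, else raise ValueError."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCT_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    packet = packet[:length]                       # ignore padding after Length
    expected = request_authenticator(packet[:4], packet[20:], secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Request Authenticator mismatch")  # wrong secret or forged
    fields, pos = {}, 20
    while pos < length:                            # walk type-length-value attributes
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        fields[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    try:
        user = fields[USER_NAME].decode("utf-8")
        ip = str(ipaddress.IPv4Address(fields[FRAMED_IP]))
        (status,) = struct.unpack("!I", fields[ACCT_STATUS_TYPE])
    except (KeyError, ValueError, struct.error) as exc:
        raise ValueError("missing or invalid identity attribute") from exc
    return user, ip, status

def apply_accounting(mapping, packet, secret):
    """Update an IP-to-user table from one accounting packet; returns the table."""
    user, ip, status = parse_accounting(packet, secret)
    if status in (START, INTERIM):
        mapping[ip] = user
    elif status == STOP and mapping.get(ip) == user:
        del mapping[ip]
    return mapping
```

A packet that fails the authenticator check is rejected before any mapping changes, which is the property that keeps an unauthenticated sender from rewriting the IP-to-user table.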