Net Worker World

Scenario: Panorama (192.168.1.252) manages Chicago-FW (192.168.1.254) and Burlin-FW (192.168.1.253) Device Group: Template: Goal: AD user chicago-fw-admin (in AD group Chicago-FW-Admins) login Panorama can only configure HQ-DG and US-Stack. AD user berlin-fw-admin (in AD group Berlin-FW-Admins) login Panorama can only configure Branch-DG and Germany-Stack. Create Amdin Role This example created two admin roles, but here they are same. Create Access Domain Create Access Domain Create ISE Server Profile Create Authentication Profile Apply Authentication Settings Panorama > Setup > ISE settings: Add PaloAlto dictionary Policy > Policy Elements >Dictionaries > System > radius > RADIUS Vendors https://docs.paloaltonetworks.com/resources/radius-dictionary.html Created Network device Profile Add Panorama as a network device: Create two Authorization Profiles: Authorization Policies =============== Packet capture

 1. Version jliu@ubuntu:~$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:    Ubuntu 22.04.2 LTS Release:        22.04 Codename:       jammy jliu@ubuntu:~$ 2. Configure static IP 2.1 check current IP and NIC name no ip is assigned from DHCP server, NIC name is ens33 2.2 check the DHCP configure file 2.3 Make a backup of current  DHCP configure file and delete it, then create a new file for static IP assignment. 2.4 Create static.yaml using Nano with following format. network:   version: 2   renderer: networkd   ethernets:     ens33:       addresses:         - 192.168.xxx.xxx/24       nameservers:         search: [mydomain, otherdomain]         addresses: [1.1.1.1 8.8.8.8]       routes:         - to: default           via: 192.168.xxx.xxx 2.5 Apply the change 3. Installing Apache sudo apt update sudo apt install apache2

  ISE Profiling Design Guide How To Create an Endpoint Profile