Thursday, August 9, 2018

PANOS remote-admin authentication with JumpCloud

Here's a simple & basic design setup for authenticating PANOS administrators using an authentication profile. We are using LDAP-aaS within JumpCloud.

https://www.jumpcloud.com


My JumpCloud user has been defined as ken.felix and he has enrolled. This user will be enabled as a PANOS admin in the firewall.




PANOS requires you to define the admin user and attach an authentication profile. I also have a service route because I'm using my public interface and dataplane to gain access to JumpCloud's LDAP-aaS LDAPS server.






The PANOS test cmd allows us to validate the user and connectivity to JumpCloud. It will also confirm the base and bind DN values.
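The setup described above as PAN-OS CLI commands, added here as an example and not the author's own configuration. The profile names `JC-LDAP-SRV` and `JC-LDAP-AUTH`, the interface `ethernet1/1`, the superuser role and every `<PLACEHOLDER>` are assumptions; lines starting with `#` are annotations, not commands.

```text
# Added example: names, interface and <PLACEHOLDER> values are assumptions.
configure

# LDAP server profile pointing at JumpCloud's LDAPS listener (TCP 636).
set shared server-profile ldap JC-LDAP-SRV server jumpcloud address ldap.jumpcloud.com port 636
set shared server-profile ldap JC-LDAP-SRV ldap-type other
set shared server-profile ldap JC-LDAP-SRV ssl yes
# Certificate verification only succeeds if the firewall trusts the issuing CA.
set shared server-profile ldap JC-LDAP-SRV verify-server-certificate yes
# Base and bind DN follow JumpCloud's ou=Users,o=<ORG_ID> layout.
set shared server-profile ldap JC-LDAP-SRV base "ou=Users,o=<ORG_ID>,dc=jumpcloud,dc=com"
set shared server-profile ldap JC-LDAP-SRV bind-dn "uid=<BIND_USER>,ou=Users,o=<ORG_ID>,dc=jumpcloud,dc=com"
set shared server-profile ldap JC-LDAP-SRV bind-password <BIND_PASSWORD>

# Authentication profile that looks users up by their uid attribute.
set shared authentication-profile JC-LDAP-AUTH method ldap server-profile JC-LDAP-SRV login-attribute uid
set shared authentication-profile JC-LDAP-AUTH allow-list all

# Admin account: no local password, authentication is delegated to the profile.
set mgt-config users ken.felix authentication-profile JC-LDAP-AUTH
set mgt-config users ken.felix permissions role-based superuser yes

# Service route: source LDAP traffic from the dataplane (public) interface
# instead of the management port. Use the address as configured on the interface.
set deviceconfig system route service ldap source interface ethernet1/1 address <INTERFACE_IP>

commit
exit

# Operational mode: prompts for the password, then reports the bind and lookup result.
test authentication authentication-profile JC-LDAP-AUTH username ken.felix password
```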




We can review systems admin and logs for details.


 




NOTE: In the JumpCloud admin portal, to disable the remote user, remove the account name from the LDAP group.




You can combine JumpCloud RADIUS-aaS with Duo and provide simple MFA authentication similar to this approach:


http://socpuppet.blogspot.com/2017/04/securing-fortigate-sslvpn-with-mfa-by.html








NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o
        /  \
