Release Notes
0511587-03 | September 2014 Dell Networking W-Series Instant 6.4.2.0-4.1.1 | CLI Reference Guide
firewall-external-enforcement
firewall-external-enforcement pan
disable
enable
ip <address>
port <port>
user <name> <password>
no…
Description
This command configures external firewall details such as Palo Alto Networks(PAN) firewall to enable
integration with the W-IAP.
Syntax
Parameter Description Range
Default
firewall-external-enforcement
pan
PAN firewall configuration
sub-mode.
— —
disable
Disables PAN firewall. — —
enable
Enables PANfirewall. — —
ip <address>
Configures PAN firewall IP
address on the W-IAP
— —
port <port>
Configures a port for the PAN
firewall
1—65535 443
user <name> <password>
Configures administrator user
credentials of PAN firewall on
a W-IAP.
— —
no…
Removes the specified
configuration parameter.
— —
Usage Guidelines
Use this command to enable external firewall integration with W-IAP. In Instant 6.3.1.1-4.0 release, W-IAPs can
be integrated with external firewall such as PAN firewall. The PAN firewall is based on user ID, which provides
many methods for connecting to sources of identity information and associating them with firewall policy
rules. The functionality provided by the PAN firewall based on user ID requires the collection of information
from the network. W-IAP maintains the network (such as mapping IP address) and user information for those
clients in the network and provides the required information for the user ID feature on PAN firewall.
To enable W-IAP integration with PAN firewall, a global profile configured on W-IAP with PAN firewall
information such as IP address, port, user name, password, firewall enabled or disabled status.
Example
The following example configures PAN firewall information on a W-IAP:
(Instant AP)(config)# firewall-external-enforcement pan
(Instant AP)(firewall-external-enforcement pan)# enable
(Instant AP)(firewall-external-enforcement pan)# ip 192.0.2.11
(Instant AP)(firewall-external-enforcement pan)# port 443