On a Palo Alto firewall, consider a network segment that is subject to Captive Portal authentication. Within that segment, you may need a host with a particular IP address to communicate without sending credentials.
In such a case, you can use the XML-API to put only the target IP address into a state where it is always treated as authenticated.
How to use the XML-API
Automated integration that uses only network communication is also possible, but manual registration through the Palo Alto WebUI is simpler and easier to understand.
The WebUI for the XML-API is called the API Browser; its URL is as follows.
Then you get the following screen.
Normally an API key is required to use the XML-API, but if you access the URL while already authenticated to the regular management web console, no API key is needed.
Registering the Authentication Exclusion
Click "User ID" in the API Browser, enter XML such as the following, and then click Submit.
<uid-message>
  <version>1.0</version>
  <type>update</type>
  <payload>
    <login>
      <entry name="test-user1" ip="192.168.1.1"></entry>
      <entry name="test-user2" ip="192.168.1.2"></entry>
    </login>
  </payload>
</uid-message>
To delete an entry, enter the XML below and then click Submit.
<uid-message>
  <version>1.0</version>
  <type>update</type>
  <payload>
    <logout>
      <entry name="test-user1" ip="192.168.1.1"></entry>
    </logout>
  </payload>
</uid-message>
If you add timeout="XX" after ip="~", the entry times out XX seconds after registration. If you omit it, the entry stays in effect until you delete it (logout).
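The automated registration mentioned earlier needs the same XML generated by a script instead of typed into the API Browser. The following is an added example, not code from the original post or from Palo Alto: a hypothetical helper, build_uid_message, that produces the login/logout messages shown above, accepts only single literal IP addresses, and escapes user names. The timeout value is passed through unchanged as the attribute described in the text.

```python
import ipaddress
import xml.etree.ElementTree as ET


def build_uid_message(action, entries, timeout=None):
    """Build a User-ID <uid-message> for 'login' (register) or 'logout' (delete).

    entries: iterable of (user_name, ip) pairs.
    timeout: optional value for the timeout="XX" attribute (login only);
             without it the mapping stays until an explicit logout.
    """
    if action not in ("login", "logout"):
        raise ValueError("action must be 'login' or 'logout'")
    if timeout is not None and (action != "login" or int(timeout) <= 0):
        raise ValueError("timeout must be a positive integer on login entries")

    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    block = ET.SubElement(ET.SubElement(root, "payload"), action)

    for name, ip in entries:
        # Each entry exempts one host from Captive Portal, so accept only a
        # single literal address: no ranges, hostnames or empty names.
        addr = ipaddress.ip_address(ip)  # raises ValueError on bad input
        if not name or not name.strip():
            raise ValueError("user name must not be empty")
        attrs = {"name": name, "ip": str(addr)}
        if timeout is not None:
            attrs["timeout"] = str(int(timeout))
        ET.SubElement(block, "entry", attrs)

    # ElementTree escapes quotes and angle brackets in attribute values,
    # so a crafted user name cannot inject extra entries.
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Constructed sample values, matching the addresses used on this page.
    print(build_uid_message("login", [("test-user1", "192.168.1.1")], timeout=3600))
    print(build_uid_message("logout", [("test-user1", "192.168.1.1")]))
```

Setting a timeout on every scripted login entry keeps a forgotten exemption from outliving the host it was created for.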
You can confirm the registration from the CLI.
192.168.1.2   vsys1   XMLAPI   test-user2   Never   Never