
Configuring the tunnel interface – HID Palo Alto Networks and ActivID AS User Manual


ActivID Appliance RADIUS and Palo Alto Networks Integration | RADIUS Channel Integration Handbook

External Release | © 2014 HID Global Corporation/ASSA ABLOY AB. All rights reserved.


5. Choose Layer 3 for type.

6. Select Enable User Identification.

7. Click OK.

2.3.2 Configuring the tunnel interface

Each SSL connection behaves like a tunnel and is bound to a tunnel interface. The tunnel interface must
be assigned to the same virtual router as the incoming (clear text) traffic so that, when a packet arrives
at the firewall, the route lookup function can determine the appropriate tunnel to use. The tunnel interface
appears to the system as a normal interface, so the existing routing infrastructure can be applied.

In our example, the interface “tunnel.10” will be used for the VPN SSL traffic.

1. To create this tunnel interface, click on the tab Network, then on the left pane, click Interfaces, and then click on the sub-tab Tunnel.

2. Click Add to add a new tunnel.

3. Enter an ID for the tunnel (“10”).

4. Assign the security zone created previously (in our example “VPN SSL”).

5. Click OK.
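
After committing, the result of these steps can be checked against an exported configuration. The script below is an added example, not part of the HID or Palo Alto Networks documentation: it verifies that "tunnel.10" exists, shares a virtual router with the clear-text interface, and sits in the "VPN SSL" zone. The XML layout is an assumption modeled on a PAN-OS configuration export, and the names "ethernet1/1", "ethernet1/2", "default" and "lab-vr" are constructed for the sample.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed fragment laid out like a PAN-OS XML export (assumed layout).
# "ethernet1/1", "ethernet1/2", "default" and "lab-vr" are made-up names.
SAMPLE = """<config><devices><entry name="localhost.localdomain">
<network>
  <interface><tunnel><units><entry name="tunnel.10"/></units></tunnel></interface>
  <virtual-router>
    <entry name="default"><interface>
      <member>ethernet1/1</member><member>tunnel.10</member>
    </interface></entry>
    <entry name="lab-vr"><interface><member>ethernet1/2</member></interface></entry>
  </virtual-router>
</network>
<vsys><entry name="vsys1"><zone>
  <entry name="VPN SSL"><network><layer3><member>tunnel.10</member></layer3></network></entry>
</zone></entry></vsys>
</entry></devices></config>"""

def owners(root, container, leaf_path, iface):
    """Names of <container>/entry elements that list iface under leaf_path."""
    return [e.get("name") for e in root.iterfind(f".//{container}/entry")
            if iface in [m.text for m in e.iterfind(leaf_path)]]

def check_tunnel(xml_text, tunnel, ingress, zone):
    """Return a list of problems; an empty list means the tunnel is wired as described."""
    root = ET.fromstring(xml_text)
    problems = []
    units = [e.get("name") for e in root.iterfind(".//interface/tunnel/units/entry")]
    if tunnel not in units:
        problems.append(f"{tunnel} is not defined")
    t_vr = owners(root, "virtual-router", "interface/member", tunnel)
    i_vr = owners(root, "virtual-router", "interface/member", ingress)
    if not t_vr:
        problems.append(f"{tunnel} is in no virtual router")
    elif set(t_vr) != set(i_vr):
        # Route lookup for clear-text traffic would never select this tunnel.
        problems.append(f"{tunnel} in {t_vr}, but {ingress} in {i_vr}")
    if zone not in owners(root, "zone", "network/layer3/member", tunnel):
        problems.append(f"{tunnel} is not a member of zone {zone!r}")
    return problems

if __name__ == "__main__":
    print(check_tunnel(SAMPLE, "tunnel.10", "ethernet1/1", "VPN SSL"))  # same virtual router
    print(check_tunnel(SAMPLE, "tunnel.10", "ethernet1/2", "VPN SSL"))  # virtual router mismatch
```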