openNAC Firewall integration


  • openNAC is a Network Access Control for corporate LAN / WAN environments that enables authentication, authorization and audit policy-based all access to network
  • Focus on open solution, use of standard protocols, multi vendor support, flexibility, scalability, easy to integrate with other platforms like firewalls, tools to assist deployment of NAC.
  • Customers are requesting end 2 end control from a network link to the access of complex applications based on policies
  • Sharing information between management and security tools is a must nowdays.

Integration architecture

openNAC-Palo Alto integration diagram
openNAC-Palo Alto integration diagram

Integration description

When an OpenNAC server is integrated with a Palo Alto Firewall, the Plugin pushes some information as the username, the OpenNAC’s poilcy rule name that has validated both the user and the device and the device IP to improve Palo Alto firewall policies enforcement. Palo Alto REST API is used to push the information periodically while user is still connected in the network.
Once the user disengagement from openNAC is detected all the tags associated to his IP are removed to avoid reusing them with another user accessing the network.

Use cases

  • Manage and control providers that are working in a corporate network, i.e. large utilities. OpenNAC can manage the complexity to register devices of each provider in a easy way.
  • Control thousands of branch offices, i.e. large bank. This is one of most typical use cases to control access and push information to firewall layer to improve security.
  • Control sensitive networks, i.e. nuclear plants
  • Control corporate networks, i.e. large enterprise
  • Manage BYOD on any corporate network, i.e. large university campus

More information

Contact us here