Users Guide
Specify the Session Notification Enforcement > Attributes parameters as described in the following table:
Table 218: Session Notification Enforcement > Attributes Parameters
Parameter Action/Description
Type
Select one of the following Type attributes:
l Session-Check
l Session-Notify
Palo Alto integration is extended to Guest MAC Caching use cases. Configure the Session-
Check attributes as follows:
l Session-Check::Username = %{Endpoint:Username}
NOTE: Post authentication sends the Guest username instead of the MAC address in the user
ID updates.
l Session-Notify: The Name options are:
n Login Action
n Logout Action
n Server IP
n Server Type
Server Type options:
n Generic HTTP
n Palo Alto Networks Panorama
n Palo Alto Networks Firewall
Server IP options: a choice of IP address/hostnames for the corresponding type of server as
Value. The Target Server attribute must be specified before you can use the Server IP
option.
Once the server IP address is selected, you can select Login Action or Logout Action. The
list of actions defined for the selected server will be shown as available choices for Value.
This enforcement type should be used both for Palo Alto devices and any Generic HTTP servers.
Name
The options displayed for the Name attribute depend on the Type attribute that was selected.
Value
The options displayed for the Value attribute depend on the Type and Name attributes that
were selected.
Summary Information
This Summary tab summarizes the parameters configured for Session Notification Enforcement.
Figure 406: Session Notification Enforcement > Summary Tab
Session Restrictions Enforcement Profile
W-ClearPass uses Keep-Alive messages to issue CoA (Change of Authorization) for a Session Restrictions
Enforcement Profile if OnGuard Agent is disconnected (see below, Examples of Session-Check Enforcement
Dell Networking W-ClearPass Policy Manager 6.6 | User Guide Configuring Enforcement Policies and Profiles | 413