Configuring the tunnel interface – HID Palo Alto Networks and ActivID AAA User Manual
Page 8
HID Global and Palo Alto Networks Integration | Integration Handbook
External Release | © 2014 HID Global Corporation/ASSA ABLOY AB. All rights reserved.
Page | 8
3. Click Add to add a new zone.
4. Enter a Name for the zone.
5. Choose Layer 3 for type.
6. Select Enable User Identification.
7. Click OK.
2.3.2 Configuring the tunnel interface
Each SSL connection (like a tunnel) is bound to a tunnel interface. It is necessary to assign the tunnel
interface to the same virtual router as the incoming (clear text) traffic. This way, when a packet comes to
the firewall, the route lookup function can determine the appropriate tunnel to use. The tunnel interface
appears to the system as a normal interface, and the existing routing infrastructure can be applied.
In our example, the interface “tunnel.10” will be used for the VPN SSL traffic.