There are two interactions between Pulse Policy Secure (PPS) and Palo Alto Networks (PAN) firewalls where different API's are used to provide a seamless experience.
- PPS utilize the keygen command to receive API key to proper authenticate to the PAN firewall.
- PPS utilize the User-ID APIs (login, logout, register and unregister)
- login is used to register the User-IP mapping to the PAN firewall
- logout is used to remove the User-IP mapping to the PAN firewall
- register is used to register the IP-Tag (role) mapping to the PAN firewall
- unregister is used to remove the IP-Tag (role) mapping to the PAN firewall
For more details about each User-ID API, please refer to the Palo Alto Networks API guide
under "Apply User-ID Mapping and Populate Dynamic Address Groups (API)"
. (page 82)