Contributor II
Posts: 57
Registered: ‎01-18-2012

AOS 6.4 or CPPM Palo Alto Updates

Now that AOS 6.4 supports direct Palo Alto User-ID integration via the XMLAPI on the PanOS:


In an environment with both AOS 6.4 Controllers and CPPM, is there a reccomended best practice or preferred Aruba reccomendation as to which of those two sources update the User-ID info in Palo Alto?




Kevin Schoenfeld

Guru Elite
Posts: 8,320
Registered: ‎09-08-2010

Re: AOS 6.4 or CPPM Palo Alto Updates

You should pick 1 source. I wouldn't recommend using two different sources.

If you are using identity integration on your wired network, it would be
best to use ClearPass as the Palo identity source.

Tim Cappalli | Aruba Security TME
@timcappalli | | ACMX #367 / ACCX #480
Posts: 476
Registered: ‎11-09-2012

Re: AOS 6.4 or CPPM Palo Alto Updates

Note that CPPM priovdes additional context over AOS to the PANW about an endpoint in the form of HIP Objects.


And I agree with Tim, ONLY use one source as context input to the PANW.


Best Regards

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: