Contributor II

AOS 6.4 or CPPM Palo Alto Updates

Now that AOS 6.4 supports direct Palo Alto User-ID integration via the XMLAPI on the PanOS:


In an environment with both AOS 6.4 Controllers and CPPM, is there a reccomended best practice or preferred Aruba reccomendation as to which of those two sources update the User-ID info in Palo Alto?




Kevin Schoenfeld

Guru Elite

Re: AOS 6.4 or CPPM Palo Alto Updates

You should pick 1 source. I wouldn't recommend using two different sources.

If you are using identity integration on your wired network, it would be
best to use ClearPass as the Palo identity source.

Tim Cappalli | Aruba Security
@timcappalli | | ACMX #367 / ACCX #480

Re: AOS 6.4 or CPPM Palo Alto Updates

Note that CPPM priovdes additional context over AOS to the PANW about an endpoint in the form of HIP Objects.


And I agree with Tim, ONLY use one source as context input to the PANW.


Best Regards

ClearPass Product Manager

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: