Hello,
I've been trying to find out where I have gone askew but can't see anything that I have done differently from the Tech Note that explains how to integrate Clearpass and Palo Alto Firewalls. I do not know if my issue is on the Clearpass side or the Palo Alto side. Hoping that someone here can point me in a good direction!
I have my Insight Database enabled and running.
I've verified that RADIUS Interim Accounting is enabled on my Controller. (7210)
Post_Authentication is set to default Eager Handler Polling Frequency (30 seconds)
I've added the Endpoint Context Server for my Firewall in Clearpass and provided a Username and password I created in the Firewall that is a device admin.
I've configured a Palo Alto Trigger Update Enforcement Profile, using Session-Check, IP-Address-Change-Notification and the value drop down selected my Firewall IP.
Added the Enforcement Profile to my Current Enforcement Policy. (Tips:Role EQUALS [User Authenticated])
The profile is already applied to a Service.
I configured Dynamic-Objects for Categories that I have in Clearpass.
When I run "debug user-id dump xmlapi-stats" on the firewall I have 0s which means I have some sort of configuration issue between the two devices.
ereader@PA-3020> debug user-id dump xmlapi-stats
vsys: vsys1
num of input : 0
num of user login : 0
num of user logout : 0
num of dynamic address object register : 0
num of dynamic address object unregister: 0
num of user group : 0
ereader@PA-3020>
Looking in the Postauthctrl.log I am not seeing anything that is standing out as a glaringly obvious issue. I do see a few warnings from time to time that Request handling is already in progress. I don't necessarily want to post the whole log because there is quite a bit of user data in it. So I have taken a snippet of it and changed IPs and MACs so that I could provide as much info as possible.
Any assistance would be greatly appreciated.