07-22-2016 08:15 AM
I just set up a Palo Alto firewall as an Event Source and created a Service in ClearPass using the new Event-Based Enforcement and I want to make sure it's been configured properly. I am seeing events come through in Access Tracker, so I assume the syslog tie-in to CPPM from Palo is working, but there isn't really any information in there. Also, one of the threats that shows up (OpenSSL TLS Heartbeat Information Disclosure Vulnerability - Reverse Heartbleed) doesn't seem like it is being sent to ClearPass despite the threat hitting the same Policy on Palo as the events that I am seeing come in. I have attached a screenshot of one of the events that I am seeing in Access Tracker.
09-02-2016 09:19 AM - edited 09-02-2016 09:19 AM
I have the exact same issue. I have a ticket open with Aruba and Palo Alto. Looks like an issue with the ingress events dictionary. Been working at it for a week now without any resolution. Did you ever figure out what your issue was?