Are you on a recent ClearPass version? Asking because some aspects of the Palo Alto integration are updated in newer ClearPass versions.
If you are on a recent version of ClearPass, please double-check with the Palo Alto Integration guide from
https://www.arubanetworks.com/clearpassdocs, if that doesn't help it may be best to open a support case.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jan 24, 2022 05:42 PM
From: Deepak Mohan
Subject: Clearpass - Palo Alto Role Update timeout Value
Hello All
I am using ClearPass Palo Alto API Integration (using Native Context server) to pass on HIP objects and Role information ( as tags) to Palo Alto
While passing roles I see below 2 Issues
1 - The role name gets attached as Tag in Palo Alto with a no-expire timeout Value
2 - If the IP is acquired by a new device and ClearPass sends role to PA, the role info gets appended to the existing Tag. The Tag doesn't get updated
fyi,I have updated the "Palo Alto User Identification Timeout" value under server configuration to 120 minutes.
Is there anything I need to do to rectify this ?
------------------------------
Deepak Mohan
------------------------------