New Contributor

Re: ClearPass 6.7 and Palo Alto Firewall Integration

We are running ClearPass 6.6.10 and PAN OS 8.0.9 and have the same problem. Some user-id information is passed, while some is not. I am following this, in case someone finds a resolution.

New Contributor

Re: ClearPass 6.7 and Palo Alto Firewall Integration

I had this problem with UserID disappearing and figured out that it was because I had UserID agents running on the domain controllers as well as collecting UserID from CPPM. As soon as I disabled the UserID agents on the DCs the mappings stabilized.

New Contributor

Re: ClearPass 6.7 and Palo Alto Firewall Integration

Funnily enough... you might be on to something there.

I found this article that stated that you can tail the userid log on the firewall and you will see rate-limiting happening due to loads of "unknown" users breaching a threshold. (~100 second)

I too have user-id scanning ranges on multiple DCs and subnets.

Out of laziness I have summarised these, and the summary scope has the BYOD ranges in. These would have a lot of unknown users.

I'm working on removing those scopes from the user-id agents and seeing if the behavior changes, as the BYOD users should be fed from CPPM via xmlapi... (Which it does before it looks like user-id takes over)

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cls9CAC

There is a snippet at the bottom of this that explains the rate limiting under FAQ-More info.

Hope this helps.

I'll feed back with my results.

Regards

John

Contributor I

Re: ClearPass 6.7 and Palo Alto Firewall Integration

Hi Danny,

I'm looking at how and when the logout (or deregister) actions are sent to PAN. I'd like to understand when these actions are sent because I don't think that there is a policy that matches a logout event; the only information could come from the accounting (STOP)... So in this case, where do I have to put these actions?

Thanks
