We've used Palo alto as DHCP server for all our wireless infrastructure, we notice that after one hour the IP has to expire and be release, however it keep the expired session on the DHCP and we have to manually clear out this from cli.
Once the pool is full no dhcp ip is released.
Anyone does know the issue?
Secondly can we automate the commands to run at specific time on Palo alto. E.g show session run every 8 hours
Could you elaborate on your DHCP configuration (and PAN-OS version, some old version may have a bug)?
The default setting is an unlimited lease, this could cause your problem as leases will not be released
A lease may remain visible after the client has gone offline/off network, but the lease should be reused once the lease period has expired and a client requests an IP (unless the lease is unlimited)
you can automate an API call to fetch the info you like whenever you want:
here's a few helpful articles on the API:
I'd recommend upgrading your PAN-OS to a more recent version, 7.1.7 and 7.1.8 are currently recommended releases , in case the .0 release has a bug that locks the leases somehow. if that doesn't fix the issue you may need to get in touch with support.
for a scheduled API call you could use this command:
there's an API browser that allows you to explore all available commands:
https://<IP of your firewall>/API
1) Update away from 7.1.0 and install the latest supported 7.1.*. The version you are currently running was very early in the 7.1 life cycle and has some bugs you may be running into.
The api call would look something like https://firewall/api/?type=op&cmd=<clear><dhcp><lease><all><expired-only></expired-only></all></lease></dhcp></clear>&key=apikey
Replace firewall and apikey with whatever your local values should be.
If you were looking to schedule it you could easily do this with a powershell script. Keep in mind that the api call I have listed is only looking for expired leases across all interfaces, which sounds like what you need but you may need to modify to meet your needs.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!