Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
05-01-2015 09:14 PM
Hi guys,
My customer previously used XMLAPI to push User-ID info to Palo Alto but they now have an Aruba Clearpass appliance which will be handling all User-ID information via Syslog.
Due to software issues they cannot currently use XMLAPI between Clearpass and Palo Alto as the system has multiple vsys. Now the issue is that there are a lot of entries in the User-ID table from XMLAPI with a timeout of never, they have tried disabling all XMLAPI settings on devices and denying HTTPS traffic from these devices to the Palo Alto yet whenever they clear the User cache these entries are instantly re-populated, an example is shown below.
IP Vsys From User IdleTimeout(s) MaxTimeout(s)
--------------- ------ ------- -------------------------------- -------------- -------------
10.82.233.137 vsys1 XMLAPI xxx\176724 Never Never
10.83.161.130 vsys1 XMLAPI xxxc\pcipad Never Never
Did anyone have ever seen similar issues?
Thanks,
Cheers,
Mel
05-04-2015 04:12 AM
Hi Mel.Li,
Did you also clear mp cache? I presume you had been trying to clear only dp logs.
Command to clear mp cache,
>clear user-cache-mp all
Clear dp cache followed by mp clear,
>clear user-cache all
Hope this helps.
Thank You.
05-06-2015 04:06 PM
Hi Guys,
thanks for your reply. We did test to clear user information from mp and dp, but the users are still showing up in the user id table as XMLAPI.
We have opened a support case with PA TAC.
Will update once the true cause has been found.
Thanks,
Cheers,
Mel
05-07-2015 03:11 PM
What version? And are you sure the API is not being updated? The clear command worked for me. You could also add a timeout and send that to all your api know users therefor they would timeout.
admin@PA-200> show user ip-user-mapping all
IP Vsys From User IdleTimeout(s) MaxTimeout(s)
--------------- ------ ------- -------------------------------- -------------- -------------
192.168.254.1 vsys1 XMLAPI dominic Never Never
Total: 1 users
admin@PA-200> clear user-cache all
All entries in user cache removed!
admin@PA-200> show user ip-user-mapping all
IP Vsys From User IdleTimeout(s) MaxTimeout(s)
--------------- ------ ------- -------------------------------- -------------- -------------
Total: 0 users
admin@PA-200>
05-07-2015 03:43 PM
Hi Dburns,
The commands works for my customer but after a while there are user entries showing XMLAPI again in the user id table.
Customer confirmed they have removed the API setting. But will confirm with them again to see what exactly happend.
Thanks for your comments.
Cheers,
Mel
02-25-2021 01:22 PM
Hi,
Do you remember the solution for this old issue ?Or does anyone have any idea ?
we are having the same issue now.Thanks
Regards
06-12-2023 05:17 AM
Hi, anyone got the solution for this? My user entries showing XMLAPI in the place for User-id agents.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
