06-14-2022 02:48 AM
Hi team,
The problem detected is that Palo Alto (PAN-OS 9.1.13-h3)computers register too many IPs for each user through XMLAPI (RADIUS-Clearpass origin). Usually a user is not connected to the WiFi network with more than 3 devices (work computer, personal phone and corporate phone), therefore is not associated with more than 3 IPs. In Palo Alto we find users associated to more than 20 IPs/device...
Any idea?
Regards
06-14-2022 07:48 PM
So ... what do the logs say? If you have this setup as recommended by Aruba, then ClearPass is what's actually telling the firewall how to map things through the XML API. You'll need to look at the logs on the ClearPass side of things to verify that they are updating things properly. Should be in the postauthctrl.log file as long as things haven't drastically changed since the last time I looked at it.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
