10-25-2019 06:54 AM
Hi,
recently we configured Minemeld with Gridmeld to fetch SGT-IP bindings from Cisco ISE over RestAPI (PxGrid). Minemeld is pushing the SGT-IP Bindings correctly into the dynamic object groups. However, we noticed the IP to tag bindings are sometimes missing from the Palo Alto (checked with "show object registered-IP all") and 1 minute later added again. During this time we can find the affected IP-tag binding on the Minemeld UI (in the Indicator Field) and on the ISE node. Looks like it is not stable so far.
Has anyone implemented this and experienced similar issues?
08-06-2020 09:41 AM
I am trying to set this up on Redhat. We have Minemeld and PxGrid integration to ISE working because we can see the SGT tag-IP details pushed from ISE to PxGrid but the same data is not being pushed to the Palo Alto Firewall. Minemeld server is constantly sending SSL traffic to the Firewall successfully and we are able to make API calls from Minemeld to the Palo Alto Firewall but running the "show object registered-IP all" command does not return any data. Can someone advise how we can troubleshoot and verify if Minemeld is sending the required data to the Palo Alto Firewall.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
