The firewall's internal interface used to have a GP portal configured, which was then removed. We found that the XML API does not work on the standard port 443. In a web browser, an API call returns a 404 error. A pcap shows that the firewall does not reply to the call. We need this for ClearPass integration, and when testing with a different port (with NAT) it works in browsers but not with ClearPass.
Could you please help with the troubleshooting?
It works on the public interface.
We have a GP portal running on the public interface, so we are using port 4443 to access the API and NAT'ing it to a loopback interface on 443 with a management profile.
We tried a similar setup on the internal interface and it works OK, but not on port 443.
We followed this document:
Captive Portal and the other standard user mapping methods might not work for certain types of user access. For example, the standard methods cannot add mappings of users connecting from a third-party VPN solution or users connecting to a 802.1x-enabled wireless network.
For such cases, you can use the PAN-OS XML API to capture login events and send them to the PAN-OS integrated User-ID agent.
See Send User Mappings to User-ID Using the XML API for details. - https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/user-id/user-id-concepts/user-mapping/xml-...
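As an added example (not part of the original post or the linked documentation), this is a sketch of the User-ID login message such an integration sends to the XML API, plus a check that a reply really is an API response rather than a 404 page. The host name, API key and user/IP values are constructed placeholders; port 4443 is the NAT'ed port from the post.

```python
import ipaddress
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET


def build_login_message(mappings, timeout_min=20):
    """Build a <uid-message> with one login entry per (user, ip) pair."""
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    login = ET.SubElement(ET.SubElement(root, "payload"), "login")
    for user, ip in mappings:
        ipaddress.ip_address(ip)  # ValueError on a malformed address
        # ElementTree escapes attribute values, so odd usernames stay well-formed.
        ET.SubElement(login, "entry",
                      {"name": user, "ip": ip, "timeout": str(timeout_min)})
    return ET.tostring(root, encoding="unicode")


def build_request(host, port, api_key, uid_message):
    """Prepare (do not send) the POST; the key goes in the body, not the URL."""
    body = urllib.parse.urlencode(
        {"type": "user-id", "key": api_key, "cmd": uid_message}).encode()
    return urllib.request.Request(f"https://{host}:{port}/api/",
                                  data=body, method="POST")


def is_api_success(reply_text):
    """True only for <response status="success">; an HTML 404 page is False."""
    try:
        root = ET.fromstring(reply_text)
    except ET.ParseError:
        return False
    return root.tag == "response" and root.get("status") == "success"


if __name__ == "__main__":
    # Constructed sample values (hypothetical host, key and mapping).
    msg = build_login_message([("corp\\alice", "10.1.1.25")])
    req = build_request("fw.example.internal", 4443, "API_KEY_PLACEHOLDER", msg)
    print(req.get_method(), req.full_url)
    print(msg)
    # To send: urllib.request.urlopen(req, context=<ssl context trusting the
    # firewall certificate>), then pass the decoded body to is_api_success().
```

Running the same request against port 443 and port 4443 and comparing the results of `is_api_success` separates "the API answered with an error" from "something other than the API answered".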