My MineMeld experience has been great thus far thanks alot for creating such a robust community product.
I set up authentication feeds recently and am curious where I can verfiy authentication is successful?
Is this a Firewall Log or a MineMeld log?
I ran a grep on my Ubuntu server with the username authorized for my authfeed and came up dry. I was able to see the successful authentication requests when I ran a tail follow yes mp-log ms.log and then importing the EDL shows me where it fails or succeeds. In addition, running the request system external-list show type url name URL_HighConfRed show how much of the output feed you are getting and says a yes or no for a few verification fields.
Something that is partcially related that has become a recent issue is trying to deploy the EDL's via Panorama. If I want to have the extra level of security with my EDLs using a certificate profile and authentication it doesn't seem possible from a Panorama perspective as the certificate profile doesn't cross over to the device group plane. Essentially, if I want to add my EDLs as a "shared" object I am unable to do so with a certificate profile present. As the certificate profile doesn't cross over at the "shared" level. Rather it is specific to the devices that are in the template stack where the profile exists. The only configuration this would work is if all of my devices were in one device group. This doesn't make much sence as each device has specific policies unique to itself. Not sure how to get around this as Palo Alto support didn't have a solution for me either.
@lmori When you are deploying MineMeld EDLs into a Panorama configuration. Are you doing it without Authentication feeds being enabled? Or do you have one level of template where all of your devices live that matches up with the device group?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!