problem in integration with clearpass XML API

while trying to integrate Aruba ClearPass with PA to send login info and user role to PA from ClearPass using XML API the following errors appears in ClearPass side, and no error appear from PA side 

unable to post request to PAN (IP address), error:

System Log : Number of uncommitted changes is greater than 250 please commit the changes.

It occurs in the system log as shown in the message below.

What causes these logs to occur, and what can I do to prevent them from happening?

Message : Number of uncommitted changes is greater than 250 please commit the changes.

Enhancing OT Network Security with a 2.5 DMZ:

In our OT network, we're considering adding a Level 2.5 DMZ to bolster security. This would serve as an additional layer of protection between the control systems (Level 2) and the enterprise network (Level 4).

Specific Design:

• Level 2.5 DMZ: Host thir

Decryption: Client and decrypt profile version mismatch

Hi folks,

Have been seeing a lot of "'Client and decrypt profile version mismatch. Supported client version bitmask: 0x08. Supported decrypt profile version bitmask: 0x60. ' errors in the log lately. This article:

https://docs.paloaltonetworks.com/

How to configure GRE over Ipsec

Hi team,

How to configure GRE over Ipsec between PaloAlto and cisco Router using ospf? I need sample document for configure?

If anyone did it before please share... I checked whole live community but there have no exact configuration.

Thanks

Al

Unified Log Timeout Field

PA14010, PANOS 11.1.x. Have TCP and UDP idle timeouts configured for 900 seconds globally, and as high as 86400 for some applications. Development team would like to see when the firewall enforces timeouts, as they think the firewall is causing failu

L2L IPSEC Tunnels - How Often Do Initiators Attempt to Init?

How often or where are the timers that dictate how often PAN-OS attempts to initiate/attempt IPSEC tunnels when first created, after reboot/power-loss, network loss, etc.?

Thank you!

Mike

Paloalto FW HA(Active/Passive) OS Upgrade Procedure 10.1.X -> 11.1.X

Hello

I have a question about upgrading the Palo Alto Fire Wall OS.

From the 11.1.X version, we've seen that you can upgrade right away without a 10.2.X or 11.0.X install.

ex) OS Upgrade(10.1.13-h1 -> 11.1.5)
I ran the test on my Standalone firewall (1

The NGFW User-ID and Terminal Server (TS) Agent Self-Signed Certificate expiration

The NGFW User-ID and Terminal Server (TS) Agent Self-Signed Certificates will expire what is the  action needed(PAN-OS 11.1)

PaloAlto Firewall and Cisco Expressway integration with NAT Reflection

In Cisco Expressway Series with Single NIC Deployment, the Cisco Expressway Core must be configured to point to the Fully Qualified Domain Name (FQDN) of the Cisco Expressway Edge, this FQDN must be resolved to the Public IP of Cisco Expressway Ed

Question regarding source NAT in S2S VPN

Hi All,

I need to create a S2S Tunnel to a customer. We need to reach 1 Server on their side (e.g. 192.168.100.1). The connection is needed from multiple Hosts from 2 different Subents on our Side (10.0.112.0/21 and 172.18.2.0/24). The customer does

PA-220 / PA-440 DNS

I am wondering if my server dies, can I host DNS on my PA-220 or PA-440.  This would be great and would not have to have physical box anymore.

I need to upload response page

I am currently in the process of planning to upload a custom webpage to my Palo Alto device. However, I would like to automate this process through an API call. I have the HTML content for the webpage stored in a variable and I would like to upload i

Can I use a certificate from another device in my decryption policy?

Hi

I plan to apply Vunerable Protection to the customer's firewall and at the same time decrypt outbound traffic.

However, the customer's network environment already includes encryption and decryption equipment.

And the customer wants to apply the