Hi guys,

My customer previously used XMLAPI to push User-ID info to Palo Alto, but they now have an Aruba Clearpass appliance which will be handling all User-ID information via Syslog. Due to software issues they cannot currently use XMLAPI between Clearpass and Palo Alto, as the system has multiple vsys.

Now the issue is that there are a lot of entries in the User-ID table from XMLAPI with a timeout of never. They have tried disabling all XMLAPI settings on devices and denying HTTPS traffic from these devices to the Palo Alto, yet whenever they clear the User cache these entries are instantly re-populated. An example is shown below.

IP              Vsys   From    User                             IdleTimeout(s) MaxTimeout(s)
--------------- ------ ------- -------------------------------- -------------- -------------
10.82.233.137   vsys1  XMLAPI  xxx\176724                       Never          Never
10.83.161.130   vsys1  XMLAPI  xxxc\pcipad                      Never          Never

Has anyone ever seen similar issues?

Thanks,
Cheers,
Mel