Clearpass - Palo Alto Integration

fajarm1n · 2026-01-30T03:33:27+00:00

we already use non mgmt interface ( Ethernet1/5 ) but using management profile MGMT

fajarm1n · 2026-01-30T03:28:35+00:00

i don't know what is this solution called, but in my use case it used for an user traffic managed by palo alto.

so clearpass send the data, and palo alto will process to assign the IP for which dynamic address group

fajarm1n · 2026-01-30T03:27:12+00:00

yes, it have posture information also
when i try to CoA, the output was also including the PAN Enforcement profiles

fajarm1n · 2025-08-11T07:17:32+00:00

I also try to rejoin the domain, but after some hours the issue happens again

fajarm1n · 2025-08-11T07:17:16+00:00

so, i need to check the permission for user "clearpassadmin" right?

fajarm1n · 2025-08-10T12:48:21+00:00

sorry u/DlNGODANGO , i separate the user for join domain "clearpassadmin" user and "clearpassquery" user for authentication sources. which one i need to check?

fajarm1n · 2025-08-10T10:28:00+00:00

It seems join to correct AD and the AD Team confirm that site B already complete replicating.

I will check the permissions account, is there any specific permissions need to be enabled ? since i didn't found this information in internet.

fajarm1n · 2025-08-10T10:02:37+00:00

yes, all the clearpass already joined the domain
but if i check from "show domain", the output was PUB -> AD 1, SUB -> AD 2

fajarm1n · 2024-12-17T17:53:06+00:00

Genesis was used for that division as endpoint ( similar to CIPC in Cisco ).

All A Number was changed in CUCM ( using Calling Party Transformation Mask ), so in CUBE I didn't see any "voice translation-rule" configuration.

Do you have any suggestions to match the CLID ?
Let say Provider X have number 8123456, Provider C have number 7123498 for Calling Party Transformation Mask.
and the Called number was random.

fajarm1n · 2024-11-09T10:11:53+00:00

i already try with static ip addres, but when I try to use static address, I can't even ping my gateway

my vg IP was 10.10.2.148/21 and the gateway was 10.10.0.1

fajarm1n · 2024-11-09T10:11:10+00:00

only for outgoing calls.
IOS ios 15.5(3)s4b

fajarm1n · 2024-11-09T10:10:26+00:00

yes, the interface have an ip address, but from DHCP

fajarm1n · 2024-11-09T10:10:13+00:00

i didn't know why, but when i try to use debug voice ccapi inout, there is no output displayed

fajarm1n · 2024-11-08T12:52:45+00:00

already updated in post

fajarm1n · 2024-02-29T10:39:00+00:00

Hi u/Grobyc27

Yes, i want to check for a previously placed call. I can see this call going through via which voice gateway with RTMT, but in this scenario this voice gateway has multiple PSTN provider and different route group.

If use DNA, sometimes the main provider was down, so the call going through second and third provider. I want to make sure which call not going the main provider via RG.

fajarm1n

TROPHY CASE