02-08-2025 06:49 AM
I have ISE with PANs and PSNs distributed across two data centers. There is a problem when I try to open the Authorization Profiles. A misconfiguration caused more than 600 authorization profiles to exist in the PAN. This misconfiguration caused a heavy load on the PAN; the authorization profiles section took more than an hour to open and sometimes caused the active PAN to reboot itself.
My approach to solving the problem is:
1. Download all the authorization profiles
2. Find the useless policies based on the heat-headcount
3. Delete the useless authorization policies
4. Merge policies if possible.
To do so, I activated the External RESTful Services (ERS) APIs and created an account to access them. I used the attached Python code, but I still failed to get the policies. Running the Get_all code, I got "the connection is closed!!!" and after 2-3 times, the PAN restarted.
Would you please help me to solve the issues with your useful comments?
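The download step described above, as an added example that is not part of the original post and is not the attached Get_all code: it pages through the ERS `authorizationprofile` listing in small requests with a pause between pages, instead of pulling everything at once. The host name, environment variable names, page size and pause length are assumptions, and the sample pages are constructed so the block runs offline.

```python
import base64, json, os, time, urllib.request

ERS_PATH = "/ers/config/authorizationprofile"

def ers_get(url, user, password):
    """GET one ERS URL as JSON. urllib verifies the TLS certificate by default."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={
        "Accept": "application/json", "Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)

def list_profiles(base_url, fetch, page_size=20, pause=2.0, max_pages=100):
    """Walk the paged listing one small request at a time, following nextPage."""
    url = f"{base_url}{ERS_PATH}?size={page_size}&page=1"
    profiles, seen = [], set()
    for _ in range(max_pages):
        result = fetch(url)["SearchResult"]
        profiles += [(r["id"], r["name"]) for r in result.get("resources", [])]
        seen.add(url)
        url = result.get("nextPage", {}).get("href")
        if not url or url in seen:  # last page, or the links loop back
            break
        time.sleep(pause)  # spacing between requests; the value is an assumption
    return profiles

# Constructed sample pages in the ERS listing shape, so the block runs offline.
BASE = "https://ise.example.test:9060"  # hypothetical host
SAMPLE = {
    f"{BASE}{ERS_PATH}?size=2&page=1": {"SearchResult": {
        "total": 3,
        "resources": [{"id": "a1", "name": "PermitAccess"},
                      {"id": "b2", "name": "Guest_VLAN"}],
        "nextPage": {"rel": "next", "href": f"{BASE}{ERS_PATH}?size=2&page=2"}}},
    f"{BASE}{ERS_PATH}?size=2&page=2": {"SearchResult": {
        "total": 3,
        "resources": [{"id": "c3", "name": "Quarantine"}]}},
}

if __name__ == "__main__":
    if os.environ.get("ISE_BASE_URL"):  # hypothetical variable names for a live run
        fetch = lambda u: ers_get(u, os.environ["ISE_USER"], os.environ["ISE_PASS"])
        rows = list_profiles(os.environ["ISE_BASE_URL"], fetch)
    else:
        rows = list_profiles(BASE, SAMPLE.__getitem__, page_size=2, pause=0)
    for pid, name in rows:
        print(pid, name)
```

The listing returns only each profile's id and name; saving the result to a file before any delete or merge step gives a record to review against.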
02-08-2025 09:04 AM
Do you think the deployment backup is healthy? If so, what I have done is restore the backup onto a VM running the same version and patch. That way I was able to review the RADIUS/TACACS policies, understand each one, make notes, make changes in dev and then make changes in prod. You can just spin up an eval version to do this work. I keep a few with different versions for testing, but every so often I restore to those dev nodes to review.