Error PAM-CM-6033: Local PAM Docker CIDR update failed or docker daemon failed to start, when updating the CIDR for docker in CA PAM version 4.1.1

Article ID: 259221

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Sometimes it is necessary to change the internal Docker CIDR in CA PAM because the proposed network range is already in use by other devices (for instance, endpoints or remote networks).

In version 4.1.X this can be done directly from the GUI and should work without problems. However, sometimes the error message

PAM-CM-6033: Local PAM Docker CIDR update failed or docker daemon failed to start

is returned and the change does not take effect; the old 172.17.0.1/16 range is re-established.
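The address conflict described above can be checked offline before a new range is entered in the GUI. The following Python sketch is an added example, not Broadcom code; the in-use ranges and candidate CIDRs are constructed sample values, and only the default 172.17.0.1/16 comes from this article.

```python
import ipaddress

# Default Docker range named in this article (gateway address plus prefix length).
DEFAULT_DOCKER_CIDR = "172.17.0.1/16"

def docker_network(cidr):
    """Return the network for a gateway-style CIDR such as 172.17.0.1/16.

    ip_network() rejects this form in strict mode because host bits are set,
    so parse it as an interface and take its network.
    """
    return ipaddress.ip_interface(cidr).network

def conflicts(docker_cidr, in_use):
    """List the in-use ranges (CIDR strings) that overlap the Docker range."""
    net = docker_network(docker_cidr)
    hits = []
    for entry in in_use:
        other = ipaddress.ip_network(entry, strict=False)
        if other.version == net.version and net.overlaps(other):
            hits.append(entry)
    return hits

def first_free(candidates, in_use):
    """Return the first candidate Docker CIDR with no overlap, or None."""
    for cand in candidates:
        if not conflicts(cand, in_use):
            return cand
    return None

# Constructed sample data: ranges used by endpoints and remote networks.
IN_USE = ["10.20.0.0/16", "172.17.40.0/24", "192.168.100.0/22", "172.18.5.10/32"]
# Constructed candidates an administrator might consider.
CANDIDATES = ["172.18.0.1/16", "192.168.100.1/24", "172.30.0.1/16"]

if __name__ == "__main__":
    print("default conflicts with:", conflicts(DEFAULT_DOCKER_CIDR, IN_USE))
    print("first usable candidate:", first_free(CANDIDATES, IN_USE))
```

A single /32 endpoint inside a candidate range is enough to rule it out, which is why the first two constructed candidates are rejected.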

Environment

CA PAM 4.1

Cause

One known root cause is that a Docker configuration file is missing on the appliance where the change was attempted. Docker containers were introduced on PAM appliances in release 4.0. This problem has been observed on PAM nodes upgraded from 3.4 directly to 4.1.1 or 4.1.2. If the configuration file is missing, PAM will always revert back to the default CIDR for Docker, that is 172.17.0.1/16.

Resolution

A possible resolution involves SSH access to the appliance to verify whether the file is present in the expected location and, if it is not, to recreate it as necessary and then restart the Docker daemon.

These actions should be performed by Broadcom Support, so please contact them if you are facing an issue similar to the one described.