Mismatch in Airwatch endpoint security attributes after upgrade to 6.6.1 and above

Aruba Employee
Problem:

After upgrade to 6.6.1 from lower versions, a mismatch is noticed between security endpoint attributes in AirWatch and ClearPass



Diagnostics:

Below is an example of a client which shows the encryption is enabled which is one of the security attributes in AirWatch.

 

 

 

However, in ClearPass when we compared the security attribute for the client in ClearPass 6.5.x and ClearPass 6.6.5, we see a mismatch in value for attribute : Encryption Enabled which is a security attribute in AirWatch.

6.5.7:

 

6.6.5:

 

 

As seen from the screenshot seen in AirWatch, we see under the security tab, that encryption is enabled. We see a mismatch in ClearPass 6.6.5 for this value whereas we see the correct value for attribute :Encryption Enabled in 6.5.7



Solution

From 6.6.1, secondary polling of endpoint details to grab additional endpoint policy data from AirWatch was made optional to improve the performance. By default the value is false which means ClearPass will not poll additional attributes of endpoint from AirWatch from 6.6.1.

 

In order to fetch additional endpoint attributes like security attributes of endpoints from AirWatch, enable the option: Enable to fetch Endpoint Security Info under Administration->External Servers->Endpoint Context Servers for AirWatch. 

 

 

On enabling this option, ClearPass will poll security attributes of endpoint  from AirWatch. This value will be corrected in 6.7 to remain as TRUE by default therefore on upgrading to 6.7, option: Enable to fetch Endpoint Security would be enabled by default and can manually be disabled if it's not required.

Version history
Revision #:
2 of 2
Last update:
3 weeks ago
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: