Security

last person joined: 19 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Ability to Query External ClearPass Endpoints database

This thread has been viewed 7 times

  • 1.  Ability to Query External ClearPass Endpoints database

    Posted Jul 22, 2015 11:18 AM

    I have a customer with two ClearPass 25k server in high capacity guest services a public SSID.  I have two 5k CP servers for internal dot1x so they are not in the same cluster. Customer wants the 25ks guest service policy to query the 5k's endpoints database and if it exists then deny the device access to the guest network.  I get the compatibility with SQL databse but am uncertain about this. 



  • 2.  RE: Ability to Query External ClearPass Endpoints database
    Best Answer

    EMPLOYEE
    Posted Jul 22, 2015 11:20 AM

    Yes, you can do this using the appexternal account referencing the tips_endpoints table in tipsdb.



  • 3.  RE: Ability to Query External ClearPass Endpoints database

    Posted Jul 22, 2015 11:34 AM

    Just got it working with radius proxy.  Thanks for the feedback.



  • 4.  RE: Ability to Query External ClearPass Endpoints database

    Posted Sep 27, 2017 03:45 PM

    Hi Cappali,

    It is safe to change the "appexternal" user password in cluster wide parameters, will this interfiere or impact in any way?



  • 5.  RE: Ability to Query External ClearPass Endpoints database

    EMPLOYEE
    Posted Sep 27, 2017 04:03 PM
    Yes. The default password is randomly generated. If you’re not using it for anything else, then you can change it without impact.


  • 6.  RE: Ability to Query External ClearPass Endpoints database

    Posted Sep 27, 2017 04:08 PM

    Thanks for your quick reply, I will go ahead and start testing :)