Security

Reply
Occasional Contributor II

Applying different Posture Policies

 

​​​​​Hi, 

 

I want to apply different posture policies depending upon the user coming in with the asset.

For example: If an employee is coming with a corporate laptop, I want to assign one type of posture policy. If the employee is coming with personal asset, I want to assign a different posture policy.

(Employee with Corporate asset = Posture policy A

Employee with personal asset = Posture policy B)

I am able to differentiate the employee with corporate asset or with the personal asset, but how I can assign suitable posture policy depending upon the asset if I am able to identify the user asset.

Kindly help.

 

Regards,

PRASANTH.

Guru Elite

Re: Applying different Posture Policies

When you configure posture policies, you can lock them to roles. So do a role mapping for corporate vs personal and then add the appropriate role to the posture policy.


Thanks,
Tim

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Applying different Posture Policies

Hi,

 

 

Hi,

 

If I map the employee role with corporate asset or personal asset to apply the posture service, then I need to create two onguard webauth services right?

Guru Elite

Re: Applying different Posture Policies

No, you can use the same service. Just use the role info in your enforcement rules.


Thanks,
Tim

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Applying different Posture Policies

Hi,

 

But we will apply the posture policy depending upon the role, post applying the posture policy i am sending the enforcent right, so how I can differentiate the posture policies.

 

Thanks,

PRASANTH.

Guru Elite

Re: Applying different Posture Policies

Use the same roles in your policy to differnetiate.


Thanks,
Tim

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor

Re: Applying different Posture Policies

Hi, I´m trying to restrict the posture policy to roles so I can diferentiate internal from external users and apply to them different postures but I always get Unknown as the posture result as soon as I configure the restrict by roles part.

 

One conncetion example would be:

 

A user with the role mgs-preventa connects to the network and always gets the Unknown result when the restrict by roles have the msg-preventa configured (image attached). If I remove the the role from that part, the user connects and gets healthy or unhealty posture result.

 

Do you have any idea why this is happening?

 

My Clearpass version y 6.6.0

Re: Applying different Posture Policies

Can you please explain a bit more what type of enforcement you are trying
to apply to each role ?
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
New Contributor

Re: Applying different Posture Policies

Hi, After the posture check i'm applying RADIUS enforcement profiles which are working fine even when I get the Unknown posture status.

My issue resides when I tried to restrict different posture policies to certain roles so I´m apply different posture policies to different users/Devices. Note: I do have a Role mapping that is working as expected.



[http://imigesa/uapoyo/icorporativa/Firma%20Mail%20MS%202013/LOGOS/Logo-de-firma-Equipamiento.png]

Ulises Cázares / Ingeniero de Preventa
Aruba - ACMP/V6.4-V8 ACCP 6.5, HPE - Network Master ASE
VMware - VCP6/DCV-NV, F5 BIG-IP Administration,
Palo Alto - PCNSE, ITIL - Practitioner
Cisco - CCNA, HPE - ATP Data Center Solutions
ulises.cazares@migesa.com.mx
+52 (81) 83890400 ext. 4512
http://www.migesa.com.mx
[Twitter] [Facebook] [LinkedIn] [Youtube]
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: