06-29-2014 12:09 AM
is it possible to have radius accounting info sent to our Checkpoint firewalls so we can enforce username based poicies?
We are currently using Clearpass to facilitate BYOD and are using .1x for authentication. We need to be able to enforce the same user based FW policies to personal devices as we do corp, but as we arent seeing username ID on our firewalls, we cant.
Is it possibe? Our onnly alternative is to seperate BYOD devices and Corp onto their own subnets, rahter than simply controlling access via user roles, but isnt this a somewhat outdated approach?
Solved! Go to Solution.
06-29-2014 12:38 AM
As of today you can not proxy accounting from clearpass. There currently is a feature request in for it.
I have not tested it, but in the early deployment code in AOS you can send accounting to mulitiple devices.
--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.
06-29-2014 03:42 AM - edited 06-29-2014 04:22 AM
Cheers for that...
So looks like I will have to revert to network segmentation.. not the end of the world I suppose, just not as neat as usuing user roles to control access...