Security

Reply
Regular Contributor I
Posts: 184
Registered: ‎03-22-2013

Aruba and Checkpoint ID Awareness - possible to send user info from Aruba?

is it possible to have radius accounting info sent to our Checkpoint firewalls so we can enforce username based poicies?

 

We are currently using Clearpass to facilitate BYOD and are using .1x for authentication.  We need to be able to enforce the same user based FW policies to personal devices as we do corp, but as we arent seeing username ID on our firewalls, we cant.

 

Is it possibe?  Our onnly alternative is to seperate BYOD devices and Corp onto their own subnets, rahter than simply controlling access via user roles, but isnt this a somewhat outdated approach?

 

 

 

Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: Aruba and Checkpoint ID Awareness - possible to send user info from Aruba?

As of today you can not proxy accounting from clearpass. There currently is a feature request in for it.

 

I have not tested it, but in the early deployment code in AOS you can send accounting to mulitiple devices.

 

Screen Shot 2014-06-29 at 2.34.18 AM.png

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Regular Contributor I
Posts: 184
Registered: ‎03-22-2013

Re: Aruba and Checkpoint ID Awareness - possible to send user info from Aruba?

[ Edited ]

Cheers for that...

 

So looks like I will have to revert to network segmentation.. not the end of the world I suppose, just not as neat as usuing user roles to control access...

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: