Security

last person joined: 22 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

CPPM Endpoint cleanup

This thread has been viewed 3 times

  • 1.  CPPM Endpoint cleanup

    Posted Apr 07, 2014 01:25 PM

    In the CPPM  (6.2.5) Cluster-Wide Parameters, there are some settings for endpoint cleanup.

    We have:

    -Maximum inactive time for an endpoint
    set to 30 days

    -Known endpoints cleanup interval
    set to default -- 0

    -Unknown endpoints cleanup interval
    set to -- 7 days

    -Profiled Unknown endpoints cleanup interval
    set to -- 7 days

    I wanted to make sure I understand these settings.  Do the combination of these settings result in:

     

    "Unknown" and "Profiled Unknown" endpoints inactive/unused for more than 30 days will be checked and cleaned up every 7 days.

     

    "Known" endpoints inactive/unused for more than 30 days won't be cleaned up (every 0 days).

     

    Thanks,

    Bryan

     



  • 2.  RE: CPPM Endpoint cleanup

    EMPLOYEE
    Posted Apr 08, 2014 09:17 AM

    In the endpoint database, there is a known/unknown column.  Your assumptions are correct.  The cleanup interval is how often the database is purged of stale entries.  A value of 0 is that it will never be removed.



  • 3.  RE: CPPM Endpoint cleanup

    Posted Apr 04, 2017 05:11 AM

    Hi Seth,

    So would that mean that the (40days inactive) setup below wouldnt work as the known and unknown cleanup interval is 0?

    Maximum inactive time for an endpointdays
    40
    Cleanup interval for Session log details in the databasedays
    7
    Cleanup interval for information stored on the diskdays
    7
    Known endpoints cleanup intervaldays
    0
    Unknown endpoints cleanup intervaldays
    0
    Expired guest accounts cleanup intervaldays
    365
    Profiled Unknown endpoints cleanup intervaldays
    0
    Static IP endpoints cleanup option 
    FALSE
    Old Audit Records cleanup intervaldays
    7
    Profiled Known endpoints cleanup option 
    FALSE


  • 4.  RE: CPPM Endpoint cleanup

    Posted May 19, 2017 02:25 PM

    Which attribute is used in the "Maximum inactive time for an endpoint " could be last authentication time? , I'm asking this because  I'm testing a post authentication profile to add an attribute that updates the last authentication time in the endpoint repositiory , for example leave the Cleanup interval to 90 days but if an endpoint connects  at day 89 extend the time  for 90 more days in order to maintain the endpoint in the database. Thanks in advanced.