Security

Good afternoon all,

With the recent issue with the AV update that crashed multiple clearpass servers, I would like to ensure the AV/Posture updates are not automatically downloaded by ClearPass, so I can apply them in test environments prior to production. How would I go about that? I know there is an option in Cluster-Wide Parameters, but I don't know if that's for the right updates.

Thanks.

http://community.arubanetworks.com/t5/Security/ClearPass-AV-AS-software-update/td-p/309692

@Cappalli thank you for the information. I'll take that option into account, but do we know the option in Cluster-Wide Parameters - does that include AV/Posture and Firmware updates? I looked up the description in the User Guide and it isn't specific.

Thanks.

Curious on this, too. We've identified three approaches:

1. Remove subscription ID.
2. Toggle Cluster-wide parameter
3. Block via some other means. Proxy, content filter, etc.

The one you've suggested (#2) seems like it will produce the least amount of red scary text on the Updates page. Hoping that someone from Aruba can chime in.

@mcdaviddj I agree with those three approaches. I'm hoping #2 also solves the same problem, but I also need verification to be sure.

The other easiest option is #1, as some places have different teams who manage resources, and #3 could take some time to get done and undone.

In Service Parameters --> Clearpass System Services you could put a dummy proxy address in there.

You could also put a fake DNS entry on your DNS server for clearpass.arubanetworks.com.

Neither of these are elegant though.

Option 2 is only for software updates.