Security

Reply

ClearPass - Disabling Automatic Updating

Good afternoon all,

 

With the recent issue with the AV update that crashed multiple clearpass servers, I would like to ensure the AV/Posture updates are not automatically downloaded by ClearPass, so I can apply them in test environments prior to production. How would I go about that? I know there is an option in Cluster-Wide Parameters, but I don't know if that's for the right updates.

 

Thanks.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Guru Elite

Re: ClearPass - Disabling Automatic Updating

Occasional Contributor I

Re: ClearPass - Disabling Automatic Updating

Curious on this, too. We've identified three approaches:

  1. Remove subscription ID.
  2. Toggle Cluster-wide parameter
  3. Block via some other means. Proxy, content filter, etc.

The one you've suggested (#2) seems like it will produce the least amount of red scary text on the Updates page. Hoping that someone from Aruba can chime in.

Re: ClearPass - Disabling Automatic Updating

@Cappalli thank you for the information. I'll take that option into account, but do we know the option in Cluster-Wide Parameters - does that include AV/Posture and Firmware updates? I looked up the description in the User Guide and it isn't specific.

 

Thanks.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com

Re: ClearPass - Disabling Automatic Updating

@mcdaviddj I agree with those three approaches. I'm hoping #2 also solves the same problem, but I also need verification to be sure.

 

The other easiest option is #1, as some places have different teams who manage resources, and #3 could take some time to get done and undone.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Highlighted
Guru Elite

Re: ClearPass - Disabling Automatic Updating

Option 2 is only for software updates.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: ClearPass - Disabling Automatic Updating

In Service Parameters --> Clearpass System Services you could put a dummy proxy address in there.

 

You could also put a fake DNS entry on your DNS server for clearpass.arubanetworks.com.

 

Neither of these are elegant though.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: