Security

Hi,

someone can explain me, how i must configure clearpass guest to respect French legislation ?

And what is best practice to keep correctly connection logging ?

If authorities want to lookup URL, MAC address etc ... How do i proceed ?

Thanks

ClearPass guest only authenticates the user;  it does not see user traffic or keep track of the URLS .  If you have a firewall, that would log all of the traffic to/from the guest user.  ClearPass can record via syslog or radius accounting the ip address of the guest user at the time, but the firewall should be able to record the URLs., not ClearPass.

Ok, Clearpass isn't a true guest solution...

But can i do that with Airwave APP RF or With Arubacontroleur or IAP cluster ?

Thanks

It isn't a true guest solution because it cannot record URLs?

What are the other pieces of your solution?  What is your firewall?  What is your WLAN controller?

Yes, if we compare Clearpass guest to an other solution as Ucopia.

understand "it's not an all inclusive solution for guest"


I've an Aruba controler 7205 and a IAP cluster.

All of this are monitored by Airwave.


We want log URL with an Aruba product and not another to stay independant of others architecture elements

Armand,

Please realize that what you are asking, URL logging and storing, is explicitly forbidden by European privacy rules; and by privacy regulations in many other parts of the world. I understand that there is a conflict between local French regulations and the European regulations, but as explained ClearPass is not in the traffic flow, and Airwave is logging all traffic, just not with URL detail to make the data useful for analysis. This results in customers requiring non-standard URL detailed request logging to put in additional in-line solutions. In most countries, the data-retention legislation is only applicable to service providers, not to individiual businesses providing guest access.

In my recent visits to France, the actual implementation seems to have relaxed significantly; at multiple places I could just access the guest network without any identification; so things may have changed recently. 

I'd like to ask you to contact the French Aruba team for advise, as they know local French regulations and how to handle that with Aruba equipment. Please send me a PM (personal message) through Airheads if you do not have a contact in the French Aruba.

Hi there armand,

ClearPass is actually a complete guest solution, I understand that we can sit and argue the definition of "complete" but when it come to policy enforcement and session tracking, ClearPass is up there on the top three list.

A combination of AppRF and airwave can give you what you are looking for when it come to keeping track of URLs and user's IP/username/MAC address. I got a screen shot from a lab airwave that I usually use and -as you can see in the attached- I'm viewing two weeks old info from URLs that the user visted. So the question is how long can you keep track of these info is left to be answer by the Airwave experts.

helpfully this helps :)

Hi,

thanks for this information,

I'll open new topic for Airwave.