Security

Reply
Occasional Contributor I
Posts: 8
Registered: ‎04-02-2015

ClearPass Guest, legislation respecting ?

Hi,

someone can explain me, how i must configure clearpass guest to respect French legislation ?

And what is best practice to keep correctly connection logging ?

If authorities want to lookup URL, MAC address etc ... How do i proceed ?

 

Thanks

Guru Elite
Posts: 20,598
Registered: ‎03-29-2007

Re: ClearPass Guest, legislation respecting ?

ClearPass guest only authenticates the user;  it does not see user traffic or keep track of the URLS .  If you have a firewall, that would log all of the traffic to/from the guest user.  ClearPass can record via syslog or radius accounting the ip address of the guest user at the time, but the firewall should be able to record the URLs., not ClearPass.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 8
Registered: ‎04-02-2015

Re: ClearPass Guest, legislation respecting ?

Ok, Clearpass isn't a true guest solution...

But can i do that with Airwave APP RF or With Arubacontroleur or IAP cluster ?

 

Thanks

Guru Elite
Posts: 20,598
Registered: ‎03-29-2007

Re: ClearPass Guest, legislation respecting ?

It isn't a true guest solution because it cannot record URLs?

 

What are the other pieces of your solution?  What is your firewall?  What is your WLAN controller?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 8
Registered: ‎04-02-2015

Re: ClearPass Guest, legislation respecting ?

Yes, if we compare Clearpass guest to an other solution as Ucopia.

understand "it's not an all inclusive solution for guest"


I've an Aruba controler 7205 and a IAP cluster.

All of this are monitored by Airwave.


We want log URL with an Aruba product and not another to stay independant of others architecture elements

Regular Contributor II
Posts: 229
Registered: ‎09-11-2013

Re: ClearPass Guest, legislation respecting ?

Hi there armand,

 

ClearPass is actually a complete guest solution, I understand that we can sit and argue the definition of "complete" but when it come to policy enforcement and session tracking, ClearPass is up there on the top three list.

 

A combination of AppRF and airwave can give you what you are looking for when it come to keeping track of URLs and user's IP/username/MAC address. I got a screen shot from a lab airwave that I usually use and -as you can see in the attached- I'm viewing two weeks old info from URLs that the user visted. So the question is how long can you keep track of these info is left to be answer by the Airwave experts.

 

helpfully this helps :)

 

Screen Shot 2016-03-04 at 5.19.55 PM.png 

Occasional Contributor I
Posts: 8
Registered: ‎04-02-2015

Re: ClearPass Guest, legislation respecting ?

Hi,

thanks for this information,

I'll open new topic for Airwave.

MVP
Posts: 421
Registered: ‎11-04-2011

Re: ClearPass Guest, legislation respecting ?

Armand,

Please realize that what you are asking, URL logging and storing, is explicitly forbidden by European privacy rules; and by privacy regulations in many other parts of the world. I understand that there is a conflict between local French regulations and the European regulations, but as explained ClearPass is not in the traffic flow, and Airwave is logging all traffic, just not with URL detail to make the data useful for analysis. This results in customers requiring non-standard URL detailed request logging to put in additional in-line solutions. In most countries, the data-retention legislation is only applicable to service providers, not to individiual businesses providing guest access.

In my recent visits to France, the actual implementation seems to have relaxed significantly; at multiple places I could just access the guest network without any identification; so things may have changed recently. 

 

I'd like to ask you to contact the French Aruba team for advise, as they know local French regulations and how to handle that with Aruba equipment. Please send me a PM (personal message) through Airheads if you do not have a contact in the French Aruba.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC.
Search Airheads
Showing results for 
Search instead for 
Did you mean: