Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass OnConnect & OnGuard Queries

  • 1.  ClearPass OnConnect & OnGuard Queries

    Posted Feb 27, 2018 09:00 AM

    Hello :)

    1. Is there a list of switch vendors that are supported by the OnConnect/OnGuard functions?

    2. Can we combine custom commands/scripts in the enforcement profile in order to use those commands against the switch CLI?

    3. Can we check for compliance on VM machines?
    If so, how can we enforce/disconnect machines that are not compliant with the OnConnect/OnGuard policy?

    4. After the WMI was successfully scanned, how can we use the information that ClearPass is gathering from the WMI?

    This information is missing from the user guide, and endpoint fingerprint contains .. not working for this scenario.



  • 2.  RE: ClearPass OnConnect & OnGuard Queries

    EMPLOYEE
    Posted Feb 27, 2018 09:04 AM
    1. OnConnect is supported on ArubaOS-Switch, HPE Comware 7 and Cisco Catalyst as documented in the ClearPass Solution Guide for Wired Policy Enforcement. There are no direct NAD requirements for OnGuard (although dynamic authorization can be nice to have).
    2. No
    3. OnGuard would need to be installed on the VM. Not really feasible
    4. Only username is used in policy


  • 3.  RE: ClearPass OnConnect & OnGuard Queries

    Posted Feb 27, 2018 09:42 AM

    Hi Cappalli,

    Thank you for your quick response.

    About the VM, question 3: let's say that the VM was installed with OnGuard on it and now the VM is not compliant .. how can we disconnect it from the network? Please correct me if I'm wrong: unless ClearPass has an integration with VMware, we can't control the VM connectivity, only notify ..



  • 4.  RE: ClearPass OnConnect & OnGuard Queries

    EMPLOYEE
    Posted Feb 27, 2018 09:46 AM
    Correct. Enforcement would only apply if the NIC is bridged.