Hi,
I have tried to have a look for this information but have not found anything useful as yet.
I want to know general information on how to set up a quarantine VLAN correctly with OnGuard and what is the best way to set this up with HP MSM.
With Aruba wireless controllers, you can send a quarantine role back and you do not even need to have a separate VLAN for this as the role will define the access.
The specific question for this is, what do you need to allow in this role?
Does Aruba have a list of sites that need to be allowed and is this something that is maintained by Aruba?
I have seen other people’s installs implement the following on the role:
(Unfortunately those people are not around anymore to ask the question to.)
User role example:
User any appcategory antivirus permit
Any ClearPass VIP https permit
Any ClearPass VIP tcp6658 permit
So if I end up in remediation how does the above rule allow me to contact remediation sites to get my update?
Looking at the controller antivirus category it allows the following:
#show dpi application category antivirus

List of Applications
--------------------
Name              App ID  App Category  Default Ports  Applied
----              ------  ------------  -------------  -------
fsecure           2249    antivirus     tcp 80,443     0
ghostsurf         1107    antivirus     tcp 12200      0
mcafee            111     antivirus     tcp 80         0
peerguardian      2006    antivirus     tcp 80,443     0
sophos-update     1096    antivirus     tcp 80         0
zonealarm-update  754     antivirus     tcp 80,443     0

Total applications in this category = 6
For example, if I fail for not having up-to-date definitions for my AVG AV, how does the above allow me to get my updates when AVG is not listed?
This would be the same question for any other AV, i.e. Kaspersky, Avast, etc.
They are not listed above so how will they get any updates?
I am doing an HP MSM Wireless configuration with ClearPass and they would like to use OnGuard.
What is the correct way to create a remediation VLAN?
What sites do I need to allow access to?
How can the VLAN be restricted through the firewall? Is restricting on the firewall the correct way to do it?
Please let me know your thoughts on the correct way to create a remediation VLAN when using Aruba Wireless, Wired, non-Aruba Wireless and non-Aruba Wired.
Thanks,