MVP
Posts: 342
Registered: ‎05-09-2013

ClearPass Time Source Now Minus 3 Days

Good morning everyone,

 

I configured ClearPass to integrate with an existing AirWatch solution. I tried configuring a condition in Role Mapping that would verify the device had checked in to AirWatch in the past 3 days from that authentication.


I went to Time Source and copied the "now_plus_1day" attribute and modified it as follows:

 

Now Plus 1 Day

SELECT (EXTRACT (EPOCH FROM NOW() + interval '1 days'))::int AS now_plus_1day;

 

Now Minus 3 Days

SELECT (EXTRACT (EPOCH FROM NOW() - interval '3 days'))::int AS now_minus_3days;

 

I also updated the Name and Alias to match. I left the Data Type as Integer. 

 

When an authentication comes through, the access tracker logs show the entry as a string of numbers and not a date/time stamp. The Last Checked In for AirWatch in the logs is a date/time stamp. Due to this it is not interpreting it the way it should and we are getting an "out of compliance" role instead of "airwatch-valid" role. 

 

Any recommendations or anything I missed to accomplish this? Would anyone have a working example?

 

Thank you.

 


Michael Haring | Network Engineer - ACMP, ACCP
Comm Solutions Company | www.commsolutions.com
Guru Elite
Posts: 8,180
Registered: ‎09-08-2010

Re: ClearPass Time Source Now Minus 3 Days

It's likely due to the format of the timestamp.

 

Try this instead:

 

SQL query:

select localtimestamp(0)+ interval '3 days' as three_days_from_now

Then create the attribute to match.

[Attached screenshot: mharing-3daysfromnow.PNG]


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
MVP
Posts: 342
Registered: ‎05-09-2013

Re: ClearPass Time Source Now Minus 3 Days

Thanks, I will give that a try. Would the minus symbol work to incorporate "3 days ago" instead of "3 days from now"?


Michael Haring | Network Engineer - ACMP, ACCP
Comm Solutions Company | www.commsolutions.com
MVP
Posts: 342
Registered: ‎05-09-2013

Re: ClearPass Time Source Now Minus 3 Days

Tested the string you provided, and it worked perfectly. Thank you for your help!


Michael Haring | Network Engineer - ACMP, ACCP
Comm Solutions Company | www.commsolutions.com
Contributor I
Posts: 28
Registered: ‎12-15-2016

Re: ClearPass Time Source Now Minus 3 Days

Hi @mharing, I want to accomplish the same with the "Last check in" attribute, and I was wondering how you achieved this. What I want to do is, for example, if a PC's last check-in was 3 days ago, assign a different role and send it to a Quarantine VLAN. Can you post the SQL script you used as an example? Thanks a lot.

Guru Elite
Posts: 8,180
Registered: ‎09-08-2010

Re: ClearPass Time Source Now Minus 3 Days

Is your "Last Check In" attribute using epoch or human readable time?


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 28
Registered: ‎12-15-2016

Re: ClearPass Time Source Now Minus 3 Days

I would like to test both. Right now I have a filter that adds the "Last Check In" attribute to authenticated machines. This is the query that I'm using (Time Source):

 

select localtimestamp(0)- interval '3 days' as three_days_ago

 

Is returning this time format:

 

2017-03-09 08:33:07

Guru Elite
Posts: 8,180
Registered: ‎09-08-2010

Re: ClearPass Time Source Now Minus 3 Days

So essentially, you just need an enforcement rule that says: 

 

Endpoint:Last Check In   LESS_THAN %{[Time Source]:Your Attribute}

 

You may need to flip that logic depending on what you're trying to do.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
MVP
Posts: 342
Registered: ‎05-09-2013

Re: ClearPass Time Source Now Minus 3 Days

I think we used the GREATER_THAN, but yes it was the exact same condition:

 

If Last Check-In to AirWatch is Greater Than 3 days ago (4 days +), then assign role "Out of Compliance".

 

In enforcement policy: If role = Out of Compliance, then assign Quarantine VLAN/User-role.


Michael Haring | Network Engineer - ACMP, ACCP
Comm Solutions Company | www.commsolutions.com
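
As an added example (not code from any poster in this thread and not ClearPass's own logic), the Python sketch below models the comparison discussed above: it normalizes an epoch or human-readable Last Check In value to one type before testing it against the now-minus-3-days threshold. The function names, sample devices, UTC handling and the choice to return Out of Compliance for an unreadable value are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # human-readable form seen in the thread


def to_datetime(value):
    """Normalize epoch seconds or a 'YYYY-MM-DD HH:MM:SS' string to a naive
    UTC datetime. Returns None when the value cannot be interpreted."""
    if isinstance(value, str) and value.strip().isdigit():
        value = int(value.strip())
    if isinstance(value, int) and not isinstance(value, bool):
        try:
            stamp = datetime.fromtimestamp(value, tz=timezone.utc)
        except (OverflowError, OSError, ValueError):
            return None
        return stamp.replace(tzinfo=None)
    if isinstance(value, str):
        try:
            return datetime.strptime(value.strip(), TS_FORMAT)
        except ValueError:
            return None
    return None


def assign_role(last_check_in, now, max_age_days=3):
    """Model of the condition: Last Check In LESS_THAN (now - 3 days)."""
    threshold = now - timedelta(days=max_age_days)  # the "three_days_ago" value
    checked_in = to_datetime(last_check_in)
    if checked_in is None:
        return "Out of Compliance"  # assumption: fail closed on unreadable input
    # A check-in exactly at the threshold is not LESS_THAN it, so it stays valid.
    return "Out of Compliance" if checked_in < threshold else "airwatch-valid"


# Constructed sample data; NOW is fixed so the threshold is 2017-03-09 08:33:07.
NOW = datetime(2017, 3, 12, 8, 33, 7)
SAMPLES = {
    "laptop-a": "2017-03-11 10:00:00",  # checked in the day before NOW
    "laptop-b": "2017-03-08 23:59:59",  # older than three days
    "tablet-c": 1489226400,             # epoch for 2017-03-11 10:00:00 UTC
    "tablet-d": "1488931200",           # epoch as text, 2017-03-08 00:00:00 UTC
    "kiosk-e": "unknown",               # value that cannot be parsed
}

if __name__ == "__main__":
    for name, seen in SAMPLES.items():
        print(f"{name:9} {seen!s:21} -> {assign_role(seen, NOW)}")
```

Both sides of the comparison must be the same type: either convert the Time Source value to a timestamp, as the `localtimestamp(0)` query does, or convert the endpoint attribute to epoch.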
Contributor I
Posts: 28
Registered: ‎12-15-2016

Re: ClearPass Time Source Now Minus 3 Days

Thanks a lot for your help, will test it that way and post results.