Security

Reply
MVP
Posts: 562
Registered: ‎11-28-2011

Clearpass 5K Appliance

Hi,

 

The customer I'm visiting next week has purchased the 5k appliance. This is a first for me, as every other customer I've seen over the last couple of years has gone for the VA version.

 

So this got me thinking I should download the lastest patches/updates etc for it just to be safe. And I should probably get the ISO to rebuild it "just in case".

 

I've just browsed around all the Clearpass download areas, and I can only see the VM/VAs and an OVF for eval purposes...

 

Capture1.PNG

 

So, if there's no ISO, what do you rebuild the appliance from if it's trashed? Do you just ESXi host build it, and install the 5K VA on top?

 

Moving on from that thought, are the upgrades and patches (for VAs normally) that are there suitable for the appliance (including the OpenSSL fix)? For example, assuming the appliance has shipped with 6.1 or 6.2, can I apply the following upgrade/patch files in order?

 

CPPM-x86_64-6.3.0.60537-upgrade.zip.signed

CPPM-x86_64-20140217-clearpass-6.3-updates-1-patch.zip.signed

CPPM-x86_64-20140408-631-openssl-fix-patch.zip.signed

 

Any hints/tips appreciated.

Kudos appreciated, but I'm not hunting! (ACMX 104)
MVP
Posts: 4,225
Registered: ‎07-20-2011

Re: Clearpass 5K Appliance

 

If you have access to the internet and the subscription ID you should be able to download that way but you could use this one :
2014-04-17 11_42_47-Clearpass 5K Appliance - Airheads Community.png

 

Moving on from that thought, are the upgrades and patches (for VAs normally) that are there suitable for the appliance (including the OpenSSL fix)? For example, assuming the appliance has shipped with 6.1 or 6.2, can I apply the following upgrade/patch files in order?

 

CPPM-x86_64-6.3.0.60537-upgrade.zip.signed

CPPM-x86_64-20140217-clearpass-6.3-updates-1-patch.zip.signed

CPPM-x86_64-20140408-631-openssl-fix-patch.zip.signed

 

Yes

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP
Posts: 562
Registered: ‎11-28-2011

Re: Clearpass 5K Appliance

Thanks Victor, top man regarding the patches.

 

Just to be clear on the first point, I'm going to assume the customer "can't find" the subscription IDs next week (usually an email hunt involved). So, am I right regarding needing to build ESXi on the host appliance first (if it comes to it)? And if I do, what version is preferred? 5? 6? I've got a few discs in the garage.

 

Kudos appreciated, but I'm not hunting! (ACMX 104)
MVP
Posts: 4,225
Registered: ‎07-20-2011

Re: Clearpass 5K Appliance

 So, am I right regarding needing to build ESXi on the host appliance first (if it comes to it)? And if I do, what version is preferred? 5? 6? I've got a few discs in the garage.

 

No need to do that.

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP
Posts: 562
Registered: ‎11-28-2011

Re: Clearpass 5K Appliance

[ Edited ]

Ok.

 

But if the appliance OS is corrupt, how would I rebuild it using the VA 5k zip download?

 

The zip only contains an OVF, which you can't image a physical host appliance from to my knowledge (you'd need an ISO or similar).

 

Am I confused?

 

Kudos appreciated, but I'm not hunting! (ACMX 104)
Aruba
Posts: 1,540
Registered: ‎06-12-2012

Re: Clearpass 5K Appliance

You need to open a TAC case. You can not re image an appliance. It does not run on vm.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
MVP
Posts: 562
Registered: ‎11-28-2011

Re: Clearpass 5K Appliance

Really?

 

That's interesting. I'll bear that in mind then.

 

Thanks.

Kudos appreciated, but I'm not hunting! (ACMX 104)
Search Airheads
Showing results for 
Search instead for 
Did you mean: