Security

Airheads,

I'm looking into making Clearpass Guest available externally, outside of our firewall, for the purpose of sponsor guest access approval through an e-mail link as well as guest account creation through the Guest portal. I have some security concerns. I believe there isn't a facility to prevent access to other CPPM components if port 443 & 80 are opened. I'm probably wrong which is why I wanted to reach out to the community and find out what are other people doing and what are some thoughts on the topic. Last time I researched the topic I was told by an Aruba VAR tech that utilizing the second port on the virtual & physical appliance won't assist in preventing access to other CPPM components and mgmt interfaces. Is there a facility within CPPM to restrict access to certain components to certain subnets or another way to secure CPPM if exposed externally?

Thanks,

Peter

You can use the application ACL feature to limit access to other modules.

Thanks for the info capalli. I knew there was a feature like this in one of the menus.

Have you examined changing the redirect webpage that is being displayed to the clients that try to access the other components? It would be great if it was possible to conceal that the guest solution is running on Clearpass for security reasons.