Security

Reply
Contributor I
Posts: 47
Registered: ‎06-15-2010

Clearpass - External Access to Guest services, Securing CPPM

Airheads,

 

I'm looking into making Clearpass Guest available externally, outside of our firewall, for the purpose of sponsor guest access approval through an e-mail link as well as guest account creation through the Guest portal. I have some security concerns. I believe there isn't a facility to prevent access to other CPPM components if port 443 & 80 are opened. I'm probably wrong which is why I wanted to reach out to the community and find out what are other people doing and what are some thoughts on the topic. Last time I researched the topic I was told by an Aruba VAR tech that utilizing the second port on the virtual & physical appliance won't assist in preventing access to other CPPM components and mgmt interfaces. Is there a facility within CPPM to restrict access to certain components to certain subnets or another way to secure CPPM if exposed externally?

 

Thanks,

Peter

 

 

Guru Elite
Posts: 7,829
Registered: ‎09-08-2010

Re: Clearpass - External Access to Guest services, Securing CPPM

You can use the application ACL feature to limit access to other modules.

 

cp-restrict-access.PNG


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 47
Registered: ‎06-15-2010

Re: Clearpass - External Access to Guest services, Securing CPPM

Thanks for the info capalli. I knew there was a feature like this in one of the menus.

Have you examined changing the redirect webpage that is being displayed to the clients that try to access the other components? It would be great if it was possible to conceal that the guest solution is running on Clearpass for security reasons.

Guru Elite
Posts: 7,829
Registered: ‎09-08-2010

Re: Clearpass - External Access to Guest services, Securing CPPM

Sounds like a great feature request.


Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: