Security

Reply

Clearpass Guest with Dissolvavle agent

Hello everyone

Im trying to configure something really simple

A captive portal, with clearpass with selft registration, with email authorization  with a simple check if the firewall is off to not let him enter the network maybe with a role which dont allow do anything until he turn on the firewall

 

Im trying to configure it with no luck (the selft registration works) the part that doesnt work is the onguard one

Im wondering if you guys can check what i have config and tell me what im missing

 

Here are my services

 

Services.JPG

Health Validator is my service to verify the firewall if its on or off

And captive  REY is the service for captive portal

 

 Here is the

Posture Policy Summery.JPG

 

Posture Policies_POLICY.JPG

Posture Policies_Posture Plugins.JPG

Posture Policy rules.JPG

 

 

 

 

 

 

 

Services_Health Verification_Services.JPG

 

Services_Health Verification_Enforment.JPG

Here is the enforment policy im using on that service

 

 

 ENFORMENT Policy.JPG

 

 

 

Here is the captive portal service, the summery

 

Service_Captive_summery.JPG

 

 

Any other info you need just ask me, i really dont know too much about onguard so please if someone can guide me what im missing that would be great

 

Thanks

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp

Re: Clearpass Guest with Dissolvavle agent

See if you have this in your registration page:

 

What version of clearpass do you have ?

In 6.3/6.4 things changed a little bit in regards to the way the page is presented

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: Clearpass Guest with Dissolvavle agent

Hello Victor

Thats what it was missing

 

Okay another question.

that native agent it is a disolvable agent? or the only disolvable agent isthe java one?

 

i dont see that it install anywhere.   What is the native agent?

The client dont want to leave anything installed on end users guest computers.

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp

Re: Clearpass Guest with Dissolvavle agent

It just means that it can run without relying upon something like Java, that's the way it used to work for all clients (Windows , Apple ,etc..)

 

Its much smoother now since you don't need to install Java.

 

This is not the case for Linux tho , you still need to install Java for linux which is a pain

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Aruba

Re: Clearpass Guest with Dissolvavle agent

in the 6.4 it was changed to run like the GoToMeeting agent would. The agent will just sit there until it is needed. You still have the ability to fall back to the old Java agent but too many people were having issues so the agent was developed.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.

Re: Clearpass Guest with Dissolvavle agent

Arnold

Can you explain me more how does this work?

It something that is installed on the client?

This client will ask me how does this work?

As he is dealing with 3rd party laptops which are not their company laptops he liked the idea of the disolvavle agent which its just there and then dissapear.

Is the disolvavle agent is the java one? or in any way the native agent is a disolvavle one?

 

As a user expirience is a way more easier the native agent.   As the Java one most of the browsers will block it, and the users wont know what to do...

 

Cheeres

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite

Re: Clearpass Guest with Dissolvavle agent

Think of it like Akamai NetSession or GoToMeeting. The application only runs when initiated from the website whereas the persistent agent runs all the time in the background.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: Clearpass Guest with Dissolvavle agent

Hello Tim

I do understand that

But if a client did ask you

Tim is there something that will install in the end users computers and wiill remain installed?

What would you asnwer to that?

 

The scenario is simple

I saw this client which is a school in which they had 2 of their tech support registering the computers, laptops of the students, they were using mac authentication and also checking if the computer had or not antivirus 

 

So i told the IT manager that there was  a way to do all that automatically with clearpass,

I did start explaning how all worked, and went i reached to the part of the onguard, he was like wait a min! there is something that will install in the end users computers and wiill remain installed? because that could be an issue, as we dont own those computers, those are personal computers.

I tell him that there were 2 types of agents the persistent agent which is the one that you install and the disolvavle agent which should not remain installed but i needed to verify

 

And thats why im asking this last question 

I want to proper asnwer him

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Aruba

Re: Clearpass Guest with Dissolvavle agent

Sorry for the delay getting back to you Carlos. 

 

Like Tim stated its just like any other app that a user has running on their PC. Skype, Weather app, Go to Meeting and many others that users all install in their PC. It only runs when a new scan is needed.

 

The new Onguard agent is installed on the PC and it runs the scan. The user can delete it when it is done and they are granted access, but if they leave it on the PC and next time they connect all they have to do is run the scan. 

 

When the guest connects and has to run the scan it will provide the user with 2 links. One for the new agent or the old java. I would like to tell eveyone there is a perfect answer, but today there are so many different devices out there and many different browsers  that isnt really an a way to scan all devices one way. We are trying to give the users options on scaning their PC and then connecting to the network. 

 

The new agent does not require admin rights since it is olny scaning the device. It does not shut down restricted services, update antivirus, etc like the Persistent agent does. 

 

Attached is some PPT slides that explain a few of the new enhacements. 

I hope this helps. Let me know if you have any other questions.

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.

Re: Clearpass Guest with Dissolvavle agent

Troy thanks for the asnwer

What i bealive he is worry is that somehow it will harm the Laptop, and i guess he would prefer not installing anything on a laptop which belongs to the student.

Anyway i bealive this is designed to not do anything as it just scan.

 

Got a last question for you :)

Why is called disolvable agent if it remain installed?:)

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: