Security

last person joined: 11 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass || Juniper SRX integration

This thread has been viewed 1 times

  • 1.  Clearpass || Juniper SRX integration

    Posted Sep 01, 2016 11:41 AM

    Hi all,

     

    I'm attempting to integrate my Juniper SRX240 with CPPM 6.6. I have the devices talking to each other, but it seems that the context push from CPPM to SRX is somewhat hit and miss. I've been working off of an Aruba provided Tech note for Juniper SRX and followed ( I believe ) the directions. The issue I see is that when authenticating to Clearpass, the user info is not always pushed to the SRX. ( There is no authentication-table entry. ). When initiating a pull from SRX to Clearpass, it returns a result set with the state as pending. Has  anyone seen this?

     

    Thanks,

    Nick



  • 2.  RE: Clearpass || Juniper SRX integration

    EMPLOYEE
    Posted Sep 01, 2016 12:13 PM
    What version of code are you running?


  • 3.  RE: Clearpass || Juniper SRX integration

    Posted Sep 01, 2016 12:17 PM

    Clearpass is version 6.6

    SRX : 12.3X48-D35.7

     

    Should be latest on both.



  • 4.  RE: Clearpass || Juniper SRX integration

    Posted Sep 01, 2016 02:35 PM

    This one turns out to be user error. If the CPPM timestamp is too far off from the SRX unreliable results occur.

     

    With a timestamp in the past on the CPPM, authenticated users will eventually show up in the SRX user table, but it could be hours before that happens. Having timestamps in sync is important here...