Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass Onguard integration with Aruba Switch OS 16.02

  • 1.  Clearpass Onguard integration with Aruba Switch OS 16.02

    EMPLOYEE
    Posted Jul 10, 2017 03:35 PM

    I am trying to set up posture checks for wired clients on a 5412zl switch running 16.02 with Clearpass Onguard.

    The process flow is as follows:

    The user first connects to a production VLAN, and if their device is healthy they are allowed access. If status is UNKNOWN, they are bounced into a quarantine VLAN where they are redirected to the Onguard portal and no internal network access is allowed.

    If they run the dissolvable agent and fail the checks, I want to be able to allow them to self-remediate via some HTTP links posted to that Onguard page (Windows or AV updates etc.).

    Now, I understand with a controller scenario, it is possible to embed Windows/Antivirus update URLs on the Onguard page and use portal free-rules and portal user-url configuration on the controller to allow them to access the links via the Internet. Is this same feature possible on the Aruba Switch OS? All I can see is ACLs using specific IP addresses or ports but not URLs, but ideally I would like to be able to point them to a specific URL, say Microsoft or an Antivirus website.

    Thanks,

    Elvis.



  • 2.  RE: Clearpass Onguard integration with Aruba Switch OS 16.02

    EMPLOYEE
    Posted Jul 10, 2017 03:41 PM
    It will be difficult to do this level of whitelisting on the switches. This is a great use case for the per-user tunneled-node feature in the upcoming 16.04 release.


  • 3.  RE: Clearpass Onguard integration with Aruba Switch OS 16.02

    EMPLOYEE
    Posted Jul 10, 2017 03:49 PM

    Thanks Tim. So will URL-specific filtering be available in v16.04?



  • 4.  RE: Clearpass Onguard integration with Aruba Switch OS 16.02
    Best Answer

    EMPLOYEE
    Posted Jul 10, 2017 03:52 PM
    Per-User Tunneled-Node is coming in 16.04 which would allow you to tunnel a quarantined user to the controller dynamically and then after they are healthy, they would be returned to local switching at the edge switch.


  • 5.  RE: Clearpass Onguard integration with Aruba Switch OS 16.02

    EMPLOYEE
    Posted Jul 10, 2017 03:58 PM

    Great, will look forward to the update. Thanks!