Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass Profiler

  • 1.  Clearpass Profiler

    Posted Oct 28, 2017 01:11 PM

    Is it possible to prevent Clearpass from scanning defined subnets? My client has a security requirement to not scan certain parts of the network. 

     

    I have configured a Scheduled scan via Configuration\Profile Settings. I set a very specific IP Subnet to Scan (10.10.1.0/24). I also set the same specific Subnet in the SNMP Tab. When that subnet gets scanned, it finds my Core router as it should. Since it has SNMP credentials to scan, it does and discovers devices on all the different subnets (172.16.x.x for example). It then proceeds to SNMP scan these devices as well as checking the default ports 135 and 3389 (as defined in Cluster Wide params). 172.16 has not been configured to scan. 

     

    How can I configure it to NOT scan devices in other subnets? 

     

    (BTW - I gathered this data by a Wireshark capture on the Clearpass interface)

  • 2.  RE: Clearpass Profiler
    Best Answer

    Posted Nov 03, 2017 04:48 PM

    Answering my own question. I opened a TAC case. They have advised it is not possible to filter or prevent certain networks from being scanned. I could of course configure ACLs on the switches but this would be a very tedious effort.
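
Since the profiler cannot be scoped, the capture check described in the first post can be repeated as an audit after any switch ACL change. The sketch below is an added example, not part of the thread or of ClearPass. It assumes a hypothetical ClearPass address (10.10.1.5), a capture exported as tab-separated fields with tshark, and that the 135 and 3389 checks are TCP.

```python
import ipaddress
from collections import defaultdict

# Assumed values for illustration; only the /24 and the port numbers come from the thread.
CLEARPASS_IP = ipaddress.ip_address("10.10.1.5")    # hypothetical ClearPass address
APPROVED = [ipaddress.ip_network("10.10.1.0/24")]   # subnet set in the scheduled scan
# SNMP is UDP/161; the 135 and 3389 port checks are assumed to be TCP.
PROBES = {("udp", 161), ("tcp", 135), ("tcp", 3389)}

# Constructed sample in the shape produced by:
#   tshark -r capture.pcap -T fields -e ip.src -e ip.dst -e udp.dstport -e tcp.dstport
SAMPLE = "\n".join([
    "10.10.1.5\t10.10.1.1\t161\t",        # in scope: core router, SNMP
    "10.10.1.5\t172.16.4.20\t161\t",      # out of scope: SNMP
    "10.10.1.5\t172.16.4.20\t\t135",      # out of scope: port check
    "10.10.1.5\t172.16.4.20\t\t3389",     # out of scope: port check
    "10.10.1.5\t172.16.9.7\t161\t",       # out of scope: SNMP
    "172.16.4.20\t10.10.1.5\t40112\t",    # reply towards ClearPass, ignored
    "10.10.1.5\t172.16.9.7\t\t443",       # not a profiler probe port, ignored
    "10.10.1.5\t10.10.1.30\t\t3389",      # in scope
    "10.10.1.5\tnot-an-ip\t161\t",        # malformed address, ignored
    "garbage line",                       # malformed record, ignored
])

def out_of_scope_probes(text, source=CLEARPASS_IP, approved=APPROVED):
    """Return [(dst, [port/proto, ...])] for probes sent outside the approved subnets."""
    hits = defaultdict(set)
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 4:
            continue                      # not a record in the expected format
        src, dst, udp_port, tcp_port = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue                      # unparsable address
        if src_ip != source or any(dst_ip in net for net in approved):
            continue                      # replies, other hosts, or in-scope targets
        for proto, port in (("udp", udp_port), ("tcp", tcp_port)):
            if port.isdigit() and (proto, int(port)) in PROBES:
                hits[dst_ip].add(f"{port}/{proto}")
    return [(str(ip), sorted(hits[ip])) for ip in sorted(hits)]

if __name__ == "__main__":
    for dst, ports in out_of_scope_probes(SAMPLE):
        print(dst, ",".join(ports))
```

An empty result over a capture window that covers a full scheduled scan indicates the ACLs are holding; any listed address is a device the profiler still reached outside the approved range.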