(Not really a security-related question, but it's one of the few groups that actually include Clearpass and Clearpass-related questions... Where should general Clearpass questions go?)
Can someone please explain how Monitor Mode is supposed to work when creating a new Clearpass Service?
Docs say:
Optionally check the Enable to monitor network access without enforcement to allow authentication and health validation exchanges to take place between endpoint and Policy Manager, but without enforcement.
In Monitor Mode, no enforcement profiles (and associated attributes) are sent to the network device.
Since the Services are top-down, similar to a firewall: if a service is put in place in Monitor Mode, does it not flow through to the next service? Because it does not appear to do so.
I put a new service into Monitor mode and enabled it expecting it to hit that service, log it (to be able to check on via Access Tracker), but pass through to the next Service which is the current, working service. It did not work this way.
It seems that it hit my test service, logged it, and stopped, never passing through to the next Service. It ended up causing access failures for many people since the next Service was never hit/reached.
Is this expected behavior? It was NOT what I was expecting. (What is the point of Monitor Mode if it breaks things?)