A client of mine has their clearpass box at one location with is connected by the following flow:
Client - Controller - Firewall - VPN --- VPN - Firewall - Clearpass Server
At the clients side do I need to allow their client subnet dhcp, dns, http and https, and just at the Clearpass Server side allow http and https?
Every thing has to have an ACL, nothing is wide open(any,any).