Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass netflow collector

This thread has been viewed 7 times

  • 1.  Clearpass netflow collector

    Posted Oct 25, 2017 03:31 PM

    Hello,

     

    I am working on a POC for Clearpass. We are running through the several collectors Clearpass has for profiling. One of them is Netflow but I was not able to find much information on how Netflow is used or configured on Clearpass.

     

    From the docs I think I understood that Netflow will be used to discover ports that endpoints are using. Is this just for previously discovered endpoints or will it discover new endpoints?

     

    How is it configured on Clearpass? Does it need to be enabled somewhere on the server and what port is it listening on?

     

    Thanks.

     

    Edit: punctuation



  • 2.  RE: Clearpass netflow collector

    Posted Oct 25, 2017 09:06 PM

    Your correct in that it will discover open ports and it is also for new endpoint a feed into profiler to allow us to 'find/discover' new endpoints.

     

    Note V5/V9 and V10 aka IPFIX + sFLOW is supported.

     

    HTH.



  • 3.  RE: Clearpass netflow collector

    Posted Oct 26, 2017 03:01 PM

    Hi, thanks for the reply.

     

    Is there something I need to do on Clearpass to enable it? I can't find anything in the documentation other than the reprofile interval.

     

    I have it configured on a couple of test switches but nothing seems to show up in Clearpass.

     

    Thanks



  • 4.  RE: Clearpass netflow collector

    Posted Oct 28, 2017 02:10 AM

    Nope - it ready to use.