Security

last person joined: 2 days ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass software update to proxy

This thread has been viewed 2 times

  • 1.  Clearpass software update to proxy

    Posted Sep 13, 2016 05:56 PM

    We are putting a clearpass on a client and we need to update thorugh a proxy mcaffy gateway

     

    We are configuring this on the clearpass

     

    • Administration / Server Manager / Server Configuration
    • Select and open the server config
    • Select the tab "Service parameters" and select the "Clearpass system service"
    • Here we are configuring the IP and the port of the proxy

     

    But it doesnt work...

    I  am missing something in the configuration?? the client told me that they already configured the proxy but still not working...

     

    Cheers

    Carlos



  • 2.  RE: Clearpass software update to proxy

    EMPLOYEE
    Posted Sep 13, 2016 08:33 PM

    Does the proxy require authentication?  Please give us more details about the proxy, or open a TAC case if you cannot reveal the details.



  • 3.  RE: Clearpass software update to proxy

    Posted Sep 13, 2016 09:13 PM

    no o authentication required.

    What info do you need Colin?

     

    Cheers

    Carlos



  • 4.  RE: Clearpass software update to proxy

    EMPLOYEE
    Posted Sep 13, 2016 09:58 PM

    What port does it use?



  • 5.  RE: Clearpass software update to proxy

    EMPLOYEE
    Posted Sep 14, 2016 03:27 AM

    Please double-check that your proxy (McAfee) does not intercept the HTTPS traffic. That feature that can have many names, like SSL inspection, or any combination with HTTPS, TLS, SSL and interception/inspection/similar words, break the SSL connection (man-in-the-middle) and ClearPass will not connect as the server certificate for the updates server cannot be trusted anymore.

     

    Disable SSL inspection for your ClearPass server. 



  • 6.  RE: Clearpass software update to proxy

    Posted Sep 14, 2016 12:18 PM

    Its odd because he does not see any logs on the mcaffy.  The clearpass is added to the global whitelist.

    We see the traffic passing trhough the firewall, but we do not see any log on the mccaffy, or at least the administrator of the mcaffy says that.

     

    Like if the traffic is getting lost between the firewall and the mcaffy..

     

    Is my configuration correct? i just want to know if my configuration on my clearpass is correct and i dont miss anything...

     

    Collin the port is 8080

     

    Cheers

    Carlos



  • 7.  RE: Clearpass software update to proxy

    EMPLOYEE
    Posted Sep 16, 2016 10:05 AM

    Carlos,

     

    Yes, setting the proxy like that should work. You might try a restart of the system to make sure all processes use the new proxy setting, but I don't believe that should be needed unless ClearPass asked you to reboot.

     

    If it still does not work, please contact Aruba TAC as they can see together with you what is happening and may be the root cause of what you experience.

     

    Herman