Security

Reply
MVP
Posts: 3,009
Registered: ‎10-25-2011

Clearpass software update to proxy

We are putting a clearpass on a client and we need to update thorugh a proxy mcaffy gateway

 

We are configuring this on the clearpass

 

  • Administration / Server Manager / Server Configuration
  • Select and open the server config
  • Select the tab "Service parameters" and select the "Clearpass system service"
  • Here we are configuring the IP and the port of the proxy

 

But it doesnt work...

I  am missing something in the configuration?? the client told me that they already configured the proxy but still not working...

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 21,291
Registered: ‎03-29-2007

Re: Clearpass software update to proxy

Does the proxy require authentication?  Please give us more details about the proxy, or open a TAC case if you cannot reveal the details.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 3,009
Registered: ‎10-25-2011

Re: Clearpass software update to proxy

no o authentication required.

What info do you need Colin?

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 21,291
Registered: ‎03-29-2007

Re: Clearpass software update to proxy

What port does it use?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 519
Registered: ‎11-04-2011

Re: Clearpass software update to proxy

Please double-check that your proxy (McAfee) does not intercept the HTTPS traffic. That feature that can have many names, like SSL inspection, or any combination with HTTPS, TLS, SSL and interception/inspection/similar words, break the SSL connection (man-in-the-middle) and ClearPass will not connect as the server certificate for the updates server cannot be trusted anymore.

 

Disable SSL inspection for your ClearPass server. 

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
MVP
Posts: 3,009
Registered: ‎10-25-2011

Re: Clearpass software update to proxy

Its odd because he does not see any logs on the mcaffy.  The clearpass is added to the global whitelist.

We see the traffic passing trhough the firewall, but we do not see any log on the mccaffy, or at least the administrator of the mcaffy says that.

 

Like if the traffic is getting lost between the firewall and the mcaffy..

 

Is my configuration correct? i just want to know if my configuration on my clearpass is correct and i dont miss anything...

 

Collin the port is 8080

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
MVP
Posts: 519
Registered: ‎11-04-2011

Re: Clearpass software update to proxy

Carlos,

 

Yes, setting the proxy like that should work. You might try a restart of the system to make sure all processes use the new proxy setting, but I don't believe that should be needed unless ClearPass asked you to reboot.

 

If it still does not work, please contact Aruba TAC as they can see together with you what is happening and may be the root cause of what you experience.

 

Herman

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
Showing results for 
Search instead for 
Did you mean: