Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass user isolation by Fortigate virus detection

  • 1.  Clearpass user isolation by Fortigate virus detection

    Posted Feb 22, 2018 09:07 AM

    Hi All,

     

    I've set up a ClearPass server as a RADIUS server and a Fortigate firewall.

     

    Can I connect those two together with syslog or something, so that when a user is blocked by the Fortigate because of virus issues, ClearPass receives a message and puts the user in a restricted VLAN?

     

    When the user is a smartphone, he gets different treatment than an IPcam. For example, a smartphone gets blocked after three violations and an IPcam immediately.

     

    Does someone know a solution?

    Thanks

     

     



  • 2.  RE: Clearpass user isolation by Fortigate virus detection

    EMPLOYEE
    Posted Feb 22, 2018 09:11 AM
    You (or your ClearPass Partner) would need to build an Ingress Event Engine dictionary for Fortigate. We do not have one available today.


  • 3.  RE: Clearpass user isolation by Fortigate virus detection

    Posted Feb 27, 2018 04:35 AM

    Thanks, I'll try that.

    But what option do I choose for "configuration->Network->event sources"?

    Only Checkpoint, Infoblox, Palo Alto and Juniper are available.

    Does the vendor matter, or is it the same for all syslog?

     

     



  • 4.  RE: Clearpass user isolation by Fortigate virus detection

    Posted Sep 20, 2018 05:42 PM

    Have you had any success with this?

    I note that the following link states dictionaries for ingress control with Fortinet are included as of 6.6.1:

    https://gold.nvc.co.jp/document/aruba/Releasenote/ClearPass/clearpass6.6.x/ClearPass_6.6.1_ReleaseNotes.pdf

     

    The new Ingress Event Engine enables ClearPass to process Syslog events from third-party devices to make policy changes in realtime. For example: (#28446, #29415, #30254, #32451)

    - A third-party device could signal to a ClearPass appliance to quarantine or block a user if the contents indicate the presence of malware.

    - Syslog dictionaries from leading vendors such as Palo Alto Networks, Checkpoint, Juniper Networks, and Fortinet are included by default.
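
The decision logic asked for in the first post (a smartphone isolated after three virus blocks, an IP camera immediately), sketched here as an added example that is not part of the thread and is not ClearPass or Ingress Event Engine code. The log lines, the key=value field layout, the IP-to-category inventory and the default for unprofiled devices are all constructed assumptions.

```python
import re
from collections import Counter

# Violations tolerated before isolation, per device category. The numbers come
# from the thread (smartphone: three, IP camera: immediately); names are assumed.
THRESHOLDS = {"smartphone": 3, "ipcam": 1}
DEFAULT_THRESHOLD = 1  # assumption: unprofiled devices are isolated on first hit

# Constructed inventory standing in for the NAC's endpoint profiling data.
DEVICE_CATEGORY = {"10.1.20.15": "smartphone", "10.1.30.7": "ipcam"}

# Constructed sample lines in FortiGate-style key=value form (layout assumed).
SAMPLE_LOGS = [
    'date=2018-02-22 time=09:07:01 type="utm" subtype="virus" action="blocked" srcip=10.1.20.15',
    'date=2018-02-22 time=09:07:05 type="utm" subtype="virus" action="blocked" srcip=10.1.30.7',
    'date=2018-02-22 time=09:08:10 type="utm" subtype="webfilter" action="blocked" srcip=10.1.20.15',
    'date=2018-02-22 time=09:09:30 type="utm" subtype="virus" action="blocked" srcip=10.1.20.15',
    'date=2018-02-22 time=09:12:44 type="utm" subtype="virus" action="blocked" srcip=10.1.20.15',
]

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_kv(line):
    """Split a key=value syslog payload into a dict, unquoting quoted values."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}

def is_virus_block(event):
    """Only antivirus blocks count as violations; other UTM events are ignored."""
    return event.get("subtype") == "virus" and event.get("action") == "blocked"

def quarantine_decisions(lines):
    """Return source IPs, in order, once they reach their category's threshold."""
    counts, quarantined = Counter(), []
    for line in lines:
        event = parse_kv(line)
        src = event.get("srcip")
        if not src or not is_virus_block(event):
            continue
        counts[src] += 1
        limit = THRESHOLDS.get(DEVICE_CATEGORY.get(src), DEFAULT_THRESHOLD)
        if counts[src] >= limit and src not in quarantined:
            quarantined.append(src)
    return quarantined

if __name__ == "__main__":
    for ip in quarantine_decisions(SAMPLE_LOGS):
        print("move to restricted VLAN:", ip)
```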