Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

CoA quarantine profile for X time

  • 1.  CoA quarantine profile for X time

    Posted Apr 12, 2018 05:54 AM

    Hi,

    I have a SIEM which sends a trigger when a virus is detected. The SIEM makes an API call to ClearPass to reauthorize the session.

    reauthorize_session(sess, bearer, "CoA-Aruba-Role-Quarantined")

    Now I need to define a CoA profile which terminates and quarantines the device for X time.

    What profile do I need?



  • 2.  RE: CoA quarantine profile for X time

    EMPLOYEE
    Posted Apr 12, 2018 08:05 AM
    That would ultimately require you to send another CoA to change the user role back.


  • 3.  RE: CoA quarantine profile for X time

    Posted Apr 12, 2018 08:09 AM

    Can I use the "Aruba-Change-User-Role" for that? And which role do I have to give it? Can you explain some more how to do that?



  • 4.  RE: CoA quarantine profile for X time

    EMPLOYEE
    Posted Apr 12, 2018 08:19 AM
    Yes, you’d do the exact same thing you did for the first call. The role would be whatever you want to assign.


  • 5.  RE: CoA quarantine profile for X time

    Posted Apr 12, 2018 09:37 AM

    When I try to change the role, it says

    Session-Context-Not-Found

    screen.PNG



  • 6.  RE: CoA quarantine profile for X time

    EMPLOYEE
    Posted Apr 12, 2018 09:39 AM
    Are you using the most recent authentication event?


  • 7.  RE: CoA quarantine profile for X time

    Posted Apr 12, 2018 09:46 AM

    Yes, it's a test set-up, so only one host is connected to ClearPass and IAP,

    but action 2 says invalid request

    screen2.PNG



  • 8.  RE: CoA quarantine profile for X time

    EMPLOYEE
    Posted Apr 12, 2018 09:50 AM
    Does that role exist?


  • 9.  RE: CoA quarantine profile for X time

    Posted Apr 12, 2018 09:52 AM

    Yes

    screen3.PNG



  • 10.  RE: CoA quarantine profile for X time

    EMPLOYEE
    Posted Apr 12, 2018 10:18 AM
    That’s a ClearPass role. Does the role exist on the IAP/controller?
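
The timed quarantine discussed in replies 2, 4 and 6, sketched as an added example that is not part of the original thread or any poster's script: one CoA quarantines the device, and a second CoA restores it once the hold time has passed, resolving the most recent session again before sending it. The `reauthorize` and `latest_session` callables, the `RESTORE_PROFILE` name and the sample MAC and session ids are assumptions; only `CoA-Aruba-Role-Quarantined` comes from the thread.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

QUARANTINE_PROFILE = "CoA-Aruba-Role-Quarantined"  # profile name used in the thread
RESTORE_PROFILE = "CoA-Aruba-Role-Restored"        # hypothetical name for the second CoA profile

@dataclass
class QuarantineTimer:
    # Assumed wrappers around the ClearPass API (not defined on the page):
    reauthorize: Callable[[str, str], bool]          # (session_id, profile) -> CoA accepted?
    latest_session: Callable[[str], Optional[str]]   # mac -> most recent session id, or None
    hold_seconds: float
    pending: dict = field(default_factory=dict)      # mac -> release deadline (epoch seconds)

    def quarantine(self, mac, now=None):
        """First CoA: quarantine the device and record when it may be released."""
        now = time.time() if now is None else now
        sid = self.latest_session(mac)
        if sid is None or not self.reauthorize(sid, QUARANTINE_PROFILE):
            return False
        self.pending[mac] = now + self.hold_seconds
        return True

    def release_due(self, now=None):
        """Second CoA: restore every device whose hold time has expired."""
        now = time.time() if now is None else now
        released = []
        for mac, deadline in list(self.pending.items()):
            if deadline > now:
                continue
            # Resolve the session again: the id used for the first CoA may
            # no longer be the most recent authentication for this device.
            sid = self.latest_session(mac)
            if sid is not None and self.reauthorize(sid, RESTORE_PROFILE):
                del self.pending[mac]
                released.append(mac)
            # On failure the entry stays pending and is retried on the next call.
        return released

def demo():
    """Constructed run with stub callables and a fixed clock."""
    sessions = {"aa:bb:cc:dd:ee:ff": "sess-1"}       # constructed sample data
    sent = []
    timer = QuarantineTimer(lambda s, p: sent.append((s, p)) or True, sessions.get, 600)
    timer.quarantine("aa:bb:cc:dd:ee:ff", now=0)
    sessions["aa:bb:cc:dd:ee:ff"] = "sess-2"         # device re-authenticated meanwhile
    timer.release_due(now=601)
    return sent

if __name__ == "__main__":
    print(demo())
```

`release_due` is meant to be called periodically by whatever runs the SIEM integration; a device is only dropped from `pending` once the restoring CoA has been accepted.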