Security

All,

One thing that I'm currently looking to implement is a page that users would be redirected to that would tell them that they are quarantined and they should contact IT support. I've been playing around with the various web login pages, but each time - go figure - the login button is found in the middle of the page. Is there a way to remove this button in order to have a text only page?

Guest is not my stong suite, so any help would definitely be appreciated. Thanks!

-Mike

Troy,

I'm taking you out for a beer the next time I'm out in Sunnyvale. Spot on - thanks!

-Mike

Troy,

One additional wrinkle with this. I set it up as mentioned and then placed the CP profile into a user-role on my controller with a Captive Portal profile. It redirected to that webpage, just as expected. The one hiccup was that I could never leave this page. 

I was hoping to do something like this:

1. OnGuard realizes a user's posture has changed to something not equalling HEALTHY

2. User will be redirected to the Quarantine Role

3. The user will see a captive portal page that informs them that they are quarantined

4. The user can go onto the Internet and download the required patches to fix their situation.

Right now I have the first 3 working as expected. I added the session ACL logon control and the captive portal to the role. I then removed each of them, one at a time, and tested again. No luck.

I would only like the user to be brought to the captive portal as a notification page, not as a walled garden. Any thoughts on this?

Thanks for your continued help!

-Mike

Mike,

There are a few things you can do and if you get a chance on Wed give me a call and we can see what works best for you. Then we can post the results here for everyone else. I do have a couple examples up in my lab. Take a look and let me know if any of them works for you.

1. One option is to give the user a role that has a firewall role where they are limited to just the update sites. With a forced destination that explains they are in violation and can not get full access until the device is updated. 

2. If you are using the onguard agent it can update most dat files for you automatically.

There are a few others but I want to understand exactly what you would like to see and happen.

As most of you know, if you look at the supported AV, OS, etc. You will see that it looks like its ran by the energizer bunny. It just keeps going and going..... 

Ok so this isn't a complete list and it isn't a small list, but it can give someone a start for a whitelist of the most common AV, AntiSpyware, and OS If you wanted to make a firewall policy. Feel free to add to the list.....:)

I also attached a txt file with the list. I started an arubapedia page and will post a link when its done.

akadns.com           

akadns.net            

akadns.org         

akam.net       

akamai.com        

akamai.net       

akamaiedge.net       

akamaitech.net

akamaitechnologies.com

antivirus.com

antivirus.net.my

apple.com

atdmt.com

avast.com

avg.com

avg.cz

avgfree.com

avgtechnologies.112.2o7.net

avira-update.com

avira.com

bitdefender.com

bullguard.com

ca.com

clamav.net

clamxav.com

clamxav.net

cnet.com

com.com

d4p.net

digitalriver.com

download.com

drweb-online.com

drweb.com

dw.com

edgekey.net

edgesuite-staging.net

edgesuite.net

element5.com

eset.com

f-prot.com

f-secure.com

footprint.net

free-av.com

free-av.de

g.msn.com

gdata.de

globalsign.net

grisoft.com

grisoft.cz

gtld-servers.net

howtotell.com

html.it

inecnet.cz

invision.com

kaspersky.com

kolla.de

kundenserver.de

lavasoft.com

lavasoft.de

lavasoftusa.com

liveupdate.com

liveupdate.symantec.r3h.net

llnwd.net

mcafee.com

mcafeesecurity.com

microsoft.com

microsoft.net

microworld.com

msecnd.net

msft.com

msft.net

msftncsi.com

mwti.net

nai.com

netupdate2.intego.com

networkassociates.com

norman.com

norton.com

nsatc.com

nsatc.net

nsatc.org

onecare.live.com

pandasecurity.com

pandasoftware.com

pctools.com

rising-global.com

safer-networking.org

securitywonks.net

sfmirror.softlayer.com

sophos.com

sourceforge.mirror.iweb.ca

sourceforge.net

spybotupdates.com

spynet.com

symantec.com

symantecliveupdate.com

symantecstore.com

time.windows.com

trendmicro.com

trendsecure.com

unmetered.org.uk

update.nai.com.att-idns.net

webroot.com

windows.net

windowsupdate.com

windowsupdate.net

wustat.net

wustat.windows.com

zonealarm.com

Attachment(s)

whitelist.txt   1 KB 1 version

Troy,

Sorry, I got wrapped up in a lot of work over the past few days. Yeah, send me a private message with some times that you'll be free in the upcoming week - definitely appreciate that!

I'm trying to do the equivalent of a one-time URL redirect. When a user currently is put into the quarantine role, Clearpass sends a message to their OnGuard client stating that they're in the quarantine role. I would love to also have their first web redirect be to a page that informs them of the same information. From there, they can go off and do their thing - but at least they were reminded of it once.

That's what I'm currently aiming for on the deployment that I'm working on.

Thanks!

-Mike