Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Endpoint Cleanup Question

  • 1.  Endpoint Cleanup Question

    Posted Feb 23, 2016 02:01 PM

    We are investigating the implementation of more rigid cleanup intervals in order to reduce our endpoint db. We are currently running CPPM 6.5. In our test environment I have worked with all of the available interval settings and believe I understand them all. That said, I am left with a number of unknown endpoints that are not profiled, having no attribute. I don't see a setting where we can remove unknown, non-profiled endpoints. We have tested in our testbed: max inactive time for an endpoint, known endpoints cleanup interval, unknown endpoints cleanup interval, profiled unknown endpoints cleanup interval, and even played around with the profiled endpoints option set to true. All these settings will produce the desired results, but we are still left with "stale" unknown, non-profiled endpoints. Please advise. Thanks.



  • 2.  RE: Endpoint Cleanup Question
    Best Answer

    Posted Mar 01, 2016 02:32 PM

    I self-resolved this. I re-investigated settings and set to 7 days. Stale objects are gone.



  • 3.  RE: Endpoint Cleanup Question

    Posted Mar 02, 2016 09:49 AM

    Hi KI,

    Thanks for reporting back. I'm in a similar situation as you where there are endpoints in a domain we cannot profile but need to purge at some interval. Since we cannot profile them they never have an "Updated At" attribute. Which setting did you ultimately wind up tweaking to remove these Unknown Non-Profiled endpoints? Was it the "Unknown endpoints cleanup interval" under the Cleanup Intervals tab in Cluster-Wide Parameters? My only confusion with this is that in the documentation it says this is based on the "Updated At" value which non-profiled endpoints do not have.

    Thanks.



  • 4.  RE: Endpoint Cleanup Question
    Best Answer

    Posted Mar 02, 2016 10:33 AM

    JG-

    I ended up getting aggressive with the value on the parameter 'unknown endpoints clean up' interval, setting the value to 7 days. I had a number of stale devices with no attribute, including the one you mentioned. Many were gone the next day.

    Also, I discovered that the parameters 'known endpoint clean up' interval and 'profiled unknown endpoints clean up' interval will not accept a value over 180.

    These values are located at Cluster Wide Parameters > Clean up Intervals tab.

    I too struggled with the documentation. We are fortunate to have a test bed, so I interpreted the documentation and tested/monitored in our TB in order to get the correct combination for our environment/configuration. I am deploying in production next Tuesday.

    Hope this helps.

    KI