Occasional Contributor I

Firewall rules when using ClearPass VIP

I am designing a network where CPPM servers for guest access are in the DMZ, and I must specify firewall port openings when using clustering and a VIP. I am assuming that on the NAS devices (Cisco/Bluesocket) I must specify the CPPM VIP.

 

I then need to have the following clarified:

- Must the firewall also be open for direct responses from CPPM server IPs -> NAS?
- Will CoA use the VIP or the CPPM server as IP source?

 

Thanks

/rene

Rgds,
Rene Hinsch
Aruba

Re: Firewall rules when using ClearPass VIP

The CoA will come from the server's IP, not the VIP, so you must allow for the data or management IP, depending on whether you use both or one.

https://arubanetworkskb.secure.force.com/pkb/articles/FAQ/What-are-the-ports-that-need-to-be-opened-on-the-network-firewall-for-ClearPass-Policy-Manager-CPPM-to-function-smoothly
Thank You,
Troy
