Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

%{GuestUser:simultaneous_use} equivalent

This thread has been viewed 5 times

  • 1.  %{GuestUser:simultaneous_use} equivalent

    Posted Sep 30, 2016 01:06 PM

    http://imgur.com/a/2DKlm

     

    I have a need to replicate the 'Session-Check' -> 'Active-Session-Count' -> 'GuestUser:simultaneous_use' template enforcement profile provided for Guest, for an external SQL auth DB.

     

    Use case is guest user credentials can only auth/access guest using 3 different endpoints.  If greater than 3, then disconnect session.

     

    I need to summate username's used for authentication against a variable.  The rest of the logic I can do.

     

    Some ideas ?

     

    Each time guest is accessed [endpoint repository] is updated and username attribute added to the endpoint listing.

    Is there anyway I can leverage this information ?



  • 2.  RE: %{GuestUser:simultaneous_use} equivalent
    Best Answer

    Posted Sep 30, 2016 01:13 PM

    What about this existing filter and attribute definition in [Endpoint Repistory] ?

     

    http://imgur.com/a/dUdSw

     

    I'm struggling to interpret what 'unique-device-count' is ?

    How many unique devices against a given username ?

    If so.. this is literally what I need.  If not... then logic is pretty close.