Security

last person joined: 23 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Netbios traffic to ClearPass?

This thread has been viewed 0 times

  • 1.  Netbios traffic to ClearPass?

    Posted Nov 17, 2016 03:23 PM

    Is there any reason domain joined windows clients would be trying to send UDP/137 and UDP/138 traffic to ClearPass?

    We've just moved our ClearPass servers behind a firewall and have noticed a lot of this traffic dropped in the logs.

     

    Clients are authenticating using PEAP, but in theory would have no way of knowing about ClearPass? Unless it is somehow related to DHCP relay - the L3 gateway for the client subnets has an IP helper configured pointing to ClearPass for DHCP fingerprinting.



  • 2.  RE: Netbios traffic to ClearPass?
    Best Answer

    EMPLOYEE
    Posted Nov 17, 2016 05:55 PM

    The helper address forwards all broadcasts, unless you filter out what it forwards.