Security

Reply
Contributor I

Restricting Guest users Access to Management WEBUI

We would like to restrict guest users access to the WEBUI.  I see the ability to to this via the Network tab of each appliance via server config. However the settings are confusing.  Could someone elaborate.  I need an example in order to understand.  Thanks

 

Snap1.png

Guru Elite

Re: Restricting Guest users Access to Management WEBUI

Policy Manager is the admin UI. You can allow or deny subnets.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Restricting Guest users Access to Management WEBUI

Thank you. Where I get confused is:

 

I want to deny our guest ip range.  So say x.x.x.x..x/20

 

I Select Policy Manager in the Resource field

then I select Deny in the Access field

then place x.x.x.x./20 in the Network Field.

 

Am I stating that I want policy manager access denied to x.x.x.x./20?

or

Policy manager access is denied, then denied all access except x.x.x.x./20 ?

Sorry if it doesnt make sense.

Re: Restricting Guest users Access to Management WEBUI

As the screenshot indicates, you have two options:

 

1) Allow, then put in the subnets/IPs from which you want to allow access to the admin UI. Put in your admin IP addresses in here. Access from all other IP addresses will be denied in that case, including your guest range.

2) Deny, then put in the subnets/IPs for which you want to explicitly deny access. Everything else will be allowed.

 

Whenever possible, I would use the Allow option and only allow access from authorized IP ranges. The guest range will be automatically denied, and other ranges that you might not be aware of to have IP access.

 

Please also check the other services, like Insight, and lock those down as well during the hardening process.

 

When asking questions like these, it may be useful to get and read the ClearPass hardening guide from the ClearPass Technote section on the support website.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: