Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Setting up external SFTP server in CPPM

This thread has been viewed 5 times

  • 1.  Setting up external SFTP server in CPPM

    Posted Mar 14, 2018 01:51 PM
      |   view attached

    So I thought this should have been a simple enough task has turnned out to be a nightmare.

    Im trying to get the external server in CPPM to work so the backups can be sent automatically.  The configuration seems to be straight forward...

    Host IP, username, password remote directory

    but each time the backup runs I get the following error message

     

    Error reading SSH protocol banner

     

    all of my other SFTPs work to this server with no problem.  I have even tried sending the file to a different server and get the same error.  Has anyone else experienced this problem and if so what was the solution or work around.



  • 2.  RE: Setting up external SFTP server in CPPM

    EMPLOYEE
    Posted Mar 14, 2018 02:08 PM
    What do the logs on the SFTP server show?
    Which version of ClearPass?


  • 3.  RE: Setting up external SFTP server in CPPM

    Posted Mar 14, 2018 04:56 PM

    The version is 6.7.0.101814....Im trying to get the logs since the server is managed by a different group.  I will post as soon as I get them.

     



  • 4.  RE: Setting up external SFTP server in CPPM

    Posted Mar 14, 2018 10:44 PM

    Hi Don,

     

    I'm also using ClearPass 6.7.0 and has issue with auto backup configuration to an external server (except that I'm using SCP, and the log message was something related to FIPS mode). I opened a TAC case and they have confirmed it's a bug, promising it'll be fixed in upcoming patch of 6.7.X. Hope this information is useful for you.

     

    Regards,



  • 5.  RE: Setting up external SFTP server in CPPM

    Posted Mar 15, 2018 09:53 AM

    Appreciate the feed back, it does let me know that some times things are not always as simple as they seem.   I opened a case as well and at this point they dont have an answer for me. 



  • 6.  RE: Setting up external SFTP server in CPPM

    Posted Mar 16, 2018 09:19 AM

    So I had a chance to speak to the server team regarding the logs and there is nothing in the logs because the connection is failing prior to it asking for user credentials.



  • 7.  RE: Setting up external SFTP server in CPPM

    EMPLOYEE
    Posted Mar 16, 2018 10:07 AM

    Hi,

     

    We have issue related to auto backup when FIPS is enabled on clearpass but it is working fine in other cases.

     

    Are you using sloarwinds SFTP/freeFTPd server or any other software in the client machine.

     

    We have done the following the File Server configuration in CPPM and freeFTPD, the transfer is succeed without any error.

    Please configure the following at your end,

    1. CPPM File Backup Server Settings1.PNG

     

    2. freeFTPD Settings

    Step 1: Create a folder in the windows desktop manually & The folder name should be your CPPM machine IP.

    2.PNG

     

    Step 2: Open the freeFTPD tool by right clicking & Run as administrator

    Configure each tab as follows and click Apply Save ,

    1. SFTP3.PNG

    2.Users

    Click the Add ... button

    freeFTPD-AddUser.PNG

     

    Configure as follows, give the same username/password what have given in the CPPM

    freeFTPD-AddUser_Detail.PNG

    Host Restrication

    4.PNG

    Logging

     

     

     

    freeFTPD-EnableLogging.PNGg

    1. Start the SFTP Servers from the tab (SFTP)freeFTPD-ServerStatus.PNG
    2. Run the following auto backup script manually in the terminal,

     4.Check the folder in the windows desktop 5.PNG