Security

Team,

I’ve published an UPDATED integration TechNote covering ClearPass 6.5.3 and CheckPoint. Whats important to note is that we have added the ability to share additional context meta-data about endpoints. This is generically available to any vendor but I’ve been working specifically with CheckPoint to have them incorporate this into the API framework, so beyond us being able to send the data to CheckPoint they can ingest and use this context in their policy enforcement, the two new exposed attributes are %device_family & %device_type.

You can find the document on the support site located here

https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=18814

Hi Danny - could you please give a few examples of what you would typically use this functionallity for? Thx!

A very simple example, we've had customers want to make a permit/deny policy decision based upon the suitability of the OS of endpoints. 

For example, and this is pushing the limit, but if a device is running XP then a policy to deny total access for the financial application might be suitable. Or something more granular, it might be the policy that a smartdevice must be running iOS 10.x, for devices running older versions a level of restriction might be enforced at the data-center or the internet edge.

Does that give you an idea of the use-cases this context could be used for?