Contributor I

WatchGuard external hostpot to ClearPass

For a PoC I'm currently testing the possibility to integrate ClearPass in an existing Watchguard WLAN environment.

For the guest this doesn't appear to be very simple as the Watchguard expects a certain http POST in order to validate if the user is authenticated.


In the accept string it expects a "sig" that is a calculation:

A hex encoded string in lower case. It is a SHA1 checksum based on the values of ts, sn, mac, success, sess_timeout, idle_timeout, and the shared secret. The shared secret you use to calculate the hash checksum must match the shared secret configured in the hotspot settings on the Firebox.

The formula to calculate the checksum value is Hash = SHA1(ts + sn + mac + success + sess-timeout + idle_timeout + shared_secret). The Firebox uses the checksum to validate the integrity of the interaction between the client browser and the external web server.


Anyone an idea on how to create this digest in order to send the HTTP post back?

Guru Elite

Re: WatchGuard external hostpot to ClearPass

This would require development work to support. Please open a feature request.

One alternative would be to see if the device supports RADIUS dynamic authorization.

Tim Cappalli | Aruba Security
@timcappalli | | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: