Security

Reply
Frequent Contributor II

cannot fetch device category parameter

Hi Guys,

i'm testing a BYOD rule where i need to fetch a Device Category parameter from the endpoint repository. i used to get it successfully, but i dont what config i changed cause this parameter stop showing up on my access tracker.

i already have Device Repository as one of the Auth source

Authorization Source:
[Endpoints Repository], [Onboard Devices Repository], SMIG_AD-GRESIK

but the only authorization parameter i get from the input tab|Authorization in from my AD source.

Authorization:SMIG_AD-GRESIK:Account Expires9223372036854775807 [30828-09-14 09:48:05 WIB]
Authorization:SMIG_AD-GRESIK:memberOfCN=Administrators,CN=Builtin,DC=smig,DC=corp, CN=DnsAdmins,CN=Users,DC=smig,DC=corp, CN=Domain Admins,CN=Users,DC=smig,DC=corp, CN=Domain Controllers,CN=Users,DC=smig,DC=corp
Authorization:SMIG_AD-GRESIK:NameCLEARPASS
Authorization:SMIG_AD-GRESIK:UserDNCN=CLEARPASS,CN=Managed Service Accounts,DC=smig,DC=corp

what am i missing here that caused no parameter from my endpoint shows up?

thanks in advance.

Ricky.

Ricky E. Lee
CWNA | ACMP | ACCP
Guru Elite

Re: cannot fetch device category parameter

Can you confirm that the category is set for that MAC address in the endpoint database? 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II

Re: cannot fetch device category parameter

Hi Tim, yes i have some of them profiled as shown below. same device that used to show the category in the access tracker, now no longer does it anymore. this causes many of my rule filter fails.

endpoint.png

Ricky

Ricky E. Lee
CWNA | ACMP | ACCP
Frequent Contributor II

Re: cannot fetch device category parameter

bump..

anyone have any clue what should i do?

 

Ricky

Ricky E. Lee
CWNA | ACMP | ACCP

Re: cannot fetch device category parameter

i don't understand you last reply. do the devices you check for end up correctly in the endpoint database or not?

 

show the endpoint database info for one MAC you also show the access tracker output for.

Frequent Contributor II

Re: cannot fetch device category parameter

i found the fix.

apparently the parameters from Endpoint Repository won't show up if your device in the endpoint database is in 'Unknown' state.

one of my service put them to unknown after certain rule hit and everything works fine after i changed it.

thanks for the responses guys.

 

Ricky

Ricky E. Lee
CWNA | ACMP | ACCP
Guru Elite

Re: cannot fetch device category parameter

Just to clarify, device profile is independent of the known/unknown state. 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: