Security

last person joined: 21 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

clearpass cluster

This thread has been viewed 4 times

  • 1.  clearpass cluster

    Posted Oct 13, 2015 03:52 AM

    Dear Community,

     

    I'm facing an issue. One of our customer would like to buy a CP-VA-5K with OnBoard modul as well. They already have a CP-VA-500. We'd like to combine the two appliance to a cluster, in order to have 5500 CPPM licence. For a firewall prospective they want to know: will the two appliance has one (cluster) IP?

    I know in HA mode there is a virtual IP, but in this case there is no HA, only a regular cluster with a publisher and a subscriber node.

    Thank you for your help in advance!

     



  • 2.  RE: clearpass cluster
    Best Answer

    EMPLOYEE
    Posted Oct 13, 2015 03:55 AM
    The virtual ip is only failover it does not load balance


  • 3.  RE: clearpass cluster

    Posted Oct 13, 2015 04:03 AM

    Hi Troy,

     

    Thank you for your quick answer. One thing is not clear. If we want to use the guest module and a captive portal provided by ClearPass, which IP do I have to use, when I configure the captive portal's url on the controller.

     



  • 4.  RE: clearpass cluster

    EMPLOYEE
    Posted Oct 13, 2015 04:17 AM
    This is more of a design question that you should work with your Aruba SE to see what works best for your network.

    There are multiple options. The most common is that the URL is pointed to the VIP for captive portal and then they point the radius directly to the pub or sub.


  • 5.  RE: clearpass cluster

    Posted Oct 13, 2015 11:38 PM

    Take a look at my  CPPM Clustering TechNote