Log in to ask questions, share your expertise, or stay connected to content. Don’t have a login? Join now.
Q:
We can configure Application Access Control on each server which could Allow/Deny Applications on ClearPass [like Onguard, Insight, Graphite etc] from certain client subnet by navigating to Administration » Server Manager » Server Configuration » Network as shown below:
Will these configuration be retained after adding the server as Subscriber to a cluster?
When a server is added to a cluster, it's database would be reset and it will start replicating data from the Publisher server as shown below:
INFO - Subscriber node entry added in publisher INFO - Backup databases for AppPlatform INFO - Backup databases for PolicyManager INFO - Stopping services INFO - Dropped existing databases for Policy Manager >>// Current Database on the server is wiped. INFO - Create database and schema for Policy Manager INFO - Local database setup done for Policy Manager databases INFO - Subscriber password changed INFO - Syncing up initial data... INFO - Config database temporarily locked for updates INFO - xx.xx.xx.xx: - Backup databases for AppPlatform INFO - xx.xx.xx.xx: - Backup databases for PolicyManager INFO - Config database lock released INFO - Subscriber now replicating from publisher xx.xx.xx.xx INFO - Retaining local node certificate INFO - Restoring log database... INFO - Restore started for AppPlatform databases INFO - Restore complete for AppPlatform databases INFO - Restore started for PolicyManager databases INFO - Database size after restore for tipsLogDb: 12 MB INFO - Restore complete for PolicyManager databases INFO - Subscriber replication and node setup complete INFO - Notify publisher that adding subscriber is complete INFO - Subscriber added successfully INFO - Restarting Policy Manager admin server Make subscriber complete. Re-login after sometime
When the database is wiped on the server, it will also clear the Application access control Network rules [Note: It will not replicate the Application Access Control configuration from Publisher as these are server specific].
Server after adding to the cluster:
Hence when we are adding a server to the cluster which has Application Access Control configured it's recommended to manually add those configurations again.
[Note: Backup will not have Application Access configuration]
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.