Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

Clearpass and detection of Windows machines

  • 1.  Clearpass and detection of Windows machines

    MVP EXPERT
    Posted Jan 20, 2022 08:32 AM
    Hi,
    I've done a fair amount of fingerprint work within ClearPass, including custom fingerprint creation, but one thing that never seems to be right is identifying Windows machines.

    We have a site that I've been told is predominately Windows 10 (few Surface devices and an aging Vista/7/2008 device).

    All these clients perform EAP-TLS.
    Looking at the client cert, the certs are issued by a Windows PKI and the cert name reflects its position in AD

    .... ou="Windows 10,ou=<windows build number> ......

    Looking in ClearPass I can see all the cert info and everything tells me that it's a Win 10 machine ..... except the fingerprint comes back with a device name of "windows" and not "windows 10"

    Looking at the (6.5) ArubaOS mobility controller, it also tells me a device is Win 10

    Just ClearPass tells me that its device name is Windows

    Can have 2 devices both with the same build number of Windows 10 (granted that doesn't necessarily mean it is a Win 10 device, only its place in AD) and one is identified as Win 10 and one as Windows

    We're only using the DHCP collector at present and no user agent string
    and yup, the DHCP options are different for Win 10 flagged devices compared to "windows" flagged devices (dhcp_options has more values)

    So in theory can have 2 devices with build 17xx and I get one of each

    CPPM running latest fingerprint info (2.80) but the CPPM version is 6.7.x

    So how come an aging mobility controller can recognise a Win 10 device and bleeding-edge ClearPass can't?
    A

    ------------------------------
    Alex Sharaz
    ------------------------------


  • 2.  RE: Clearpass and detection of Windows machines

    EMPLOYEE
    Posted Jan 20, 2022 08:48 AM
    That is because the user agent is more granular than a dhcp option.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------
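
Added example (not part of the original thread, and not ClearPass's own fingerprint logic): a minimal classifier showing why a DHCP-only profile can fall back to a generic "Windows" while a user agent string still yields a version. The option 55 lists, the lookup table and all function names are constructed for illustration.

```python
import re

# Constructed lookup: the one parameter request list (option 55) this toy profiler knows.
KNOWN_OPTION55 = {
    (1, 3, 6, 15, 31, 33, 43, 44, 46, 47, 119, 121, 249, 252): "Windows 10",
}
# "Windows NT x.y" tokens as they appear in browser user agent strings.
# Note: Windows 11 also reports NT 10.0, so even the user agent has limits.
NT_VERSIONS = {"10.0": "Windows 10", "6.3": "Windows 8.1", "6.2": "Windows 8",
               "6.1": "Windows 7", "6.0": "Windows Vista"}

def parse_dhcp_options(raw: bytes) -> dict:
    """Walk the DHCP options field (RFC 2132): code, length, value."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts

def classify_dhcp(raw: bytes) -> str:
    opts = parse_dhcp_options(raw)
    prl = tuple(opts.get(55, b""))
    if prl in KNOWN_OPTION55:                   # exact match gives a version
        return KNOWN_OPTION55[prl]
    if opts.get(60, b"").startswith(b"MSFT"):   # vendor class alone gives only the family
        return "Windows"
    return "Unknown"

def classify_user_agent(ua: str) -> str:
    m = re.search(r"Windows NT (\d+\.\d+)", ua)
    if not m:
        return "Unknown"
    return NT_VERSIONS.get(m.group(1), "Windows")

def build_options(prl, vendor: bytes) -> bytes:
    """Build a constructed options field holding option 55 and option 60."""
    return bytes([55, len(prl), *prl]) + bytes([60, len(vendor)]) + vendor + b"\xff"
```

Two clients that both send the vendor class `MSFT 5.0` but different option 55 lists land in different buckets here, which mirrors the "one of each" result described in the first post.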



  • 3.  RE: Clearpass and detection of Windows machines

    MVP EXPERT
    Posted Jan 20, 2022 09:09 AM
    So that's independent of setting up a controller to forward the user agent string to CPPM?

    Currently issue with doing that, on 6.5.x have uploaded CA certs to the controller, set up a set of credentials and controller fails to upload UA string to CPPM :-(

    A




  • 4.  RE: Clearpass and detection of Windows machines

    EMPLOYEE
    Posted Jan 20, 2022 09:39 AM
    If you get that fixed, you should have more granularity.




  • 5.  RE: Clearpass and detection of Windows machines

    MVP EXPERT
    Posted Jan 20, 2022 10:11 AM
    Yup
    Works on ArubaOS 8 
    :-(






  • 6.  RE: Clearpass and detection of Windows machines

    MVP EXPERT
    Posted Jan 21, 2022 07:06 AM
    O.K., so my thought was that it's broken if you use an IP address but might work if you use an FQDN …..
    Controllers not set up for DNS, and when you add a DNS server the GUI tells you you may need a reboot, sigh!




  • 7.  RE: Clearpass and detection of Windows machines

    EMPLOYEE
    Posted Jan 21, 2022 08:02 AM
    Just use the ip address.  Reboot "may" means, try it without a reboot.




  • 8.  RE: Clearpass and detection of Windows machines

    MVP EXPERT
    Posted Jan 21, 2022 10:34 AM
    Doesn't work with IP address
    Also when I set up a DNS server, can't ping anything using FQDNs






  • 9.  RE: Clearpass and detection of Windows machines

    EMPLOYEE
    Posted Jan 21, 2022 12:00 PM
    All it should require are an IP address and credentials.  Set up special credentials for it on CPPM so that you can track the login.




  • 10.  RE: Clearpass and detection of Windows machines

    MVP EXPERT
    Posted Jan 21, 2022 03:32 PM
    Done that, set up a read-only admin account






  • 11.  RE: Clearpass and detection of Windows machines

    EMPLOYEE
    Posted Jan 21, 2022 04:01 PM
    SSH into the MM, CD to the folder with the controller:

    type:
    config t
    logging system subcat mapc level debugging
    write mem

    On the MD, type "show ifmap cppm" to see the current status.  Then type "show log system all | include mapc" to see if you see any ifmap messages.




  • 12.  RE: Clearpass and detection of Windows machines

    MVP EXPERT
    Posted Jan 21, 2022 04:41 PM
    Sadly it’s running 6.5.4.18 :-(





  • 13.  RE: Clearpass and detection of Windows machines

    EMPLOYEE
    Posted Jan 21, 2022 05:01 PM
    And of course, I see the same certificate error that you are seeing....  Let me do some checking.




  • 14.  RE: Clearpass and detection of Windows machines

    MVP EXPERT
    Posted Jan 22, 2022 03:01 AM
    Should say I’ve allowed TLS 1.0 and 1.1 through on ClearPass as well
    A