Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass Onguard Still Allowing Access For Non Compliant Devices

  • 1.  Clearpass Onguard Still Allowing Access For Non Compliant Devices

    Posted Dec 01, 2020 10:48 AM
    Hello, I'm trying to set up ClearPass OnGuard. I followed the configuration guide document from 2015. Currently, I have set it up to check the firewall. When I connected to the OnGuard SSID and then turned off the firewall, I could still access the network. The Access Tracker didn't reject anything. The auto-remediation works, but I expected that there would be a period during which the device would be denied access to the network because the firewall was turned off.

    Any idea what I should check for this? Or maybe there is a new and complete configuration guide for OnGuard?
    Thank you.

    ------------------------------
    AA
    ------------------------------


  • 2.  RE: Clearpass Onguard Still Allowing Access For Non Compliant Devices

    EMPLOYEE
    Posted Dec 02, 2020 04:17 AM
    Do you see the non-compliance posted to ClearPass via the WEBAUTH service? As an enforcement on that WEBAUTH you should trigger a response, typically a CoA to change the role or disconnect/bounce the user, and then in the 802.1X/MAC service check the posture status and assign a role that blocks the traffic you want to block.

    Have you configured that part of the workflow as well?

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.
    ------------------------------



  • 3.  RE: Clearpass Onguard Still Allowing Access For Non Compliant Devices

    Posted Dec 02, 2020 04:47 AM
    I did the following on the service template:
    The template created something like this, which I think is used to bounce the user:
    I'm still not sure about the role assignment. How do I change the role on the controller after ClearPass assigns it?


    ------------------------------
    AA
    ------------------------------



  • 4.  RE: Clearpass Onguard Still Allowing Access For Non Compliant Devices

    EMPLOYEE
    Posted Dec 07, 2020 06:16 AM
    Have you created the role basic_quarantine on your controller/AP?

    What do you see in Access Tracker? Just the wireless authentication, or also the WEBAUTH?

    This is probably easy to solve when someone can see interactively what is happening; it is hard to tell in this forum without full insight into the services and Access Tracker. I would recommend reaching out to your Partner or Aruba Support.

    ------------------------------
    Herman Robers
    ------------------------------