Security

 View Only
last person joined: 15 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Disable guest web server access ClearPass

This thread has been viewed 30 times

  • 1.  Disable guest web server access ClearPass

    Posted Oct 27, 2021 04:02 PM
    Hey, is it possible to disable guest web server access only on ClearPass, without affecting admin web server access? Or recommended workaround? Thanks

    ------------------------------
    Neil
    ------------------------------


  • 2.  RE: Disable guest web server access ClearPass

    EMPLOYEE
    Posted Oct 27, 2021 05:59 PM
    The question is, outside of the guest "logon" role, do guests even  need to reach the ip address of the ClearPass Server?

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------

    Original Message


  • 3.  RE: Disable guest web server access ClearPass

    Posted Oct 27, 2021 09:34 PM
    I hear ya, yeah I recommended a workaround to the customer along similar lines. But they're very security conscious so they were wondering if it's possible to just disable it completely if they're not using the guest component on the server. 



    Original Message


  • 4.  RE: Disable guest web server access ClearPass

    Posted Oct 28, 2021 03:39 AM
    You can restrict access to the various parts of Clearpass (including guest & policy admin) via a server ACL - maybe that would help.  We restrict all things to various parts of the network.

    Here's an older blog, but still valid:
    https://community.arubanetworks.com/browse/articles/blogviewer?blogkey=b5d3c132-7a57-4277-ae35-400fa7d7a8fc
    Original Message


  • 5.  RE: Disable guest web server access ClearPass

    MVP EXPERT
    Posted Oct 28, 2021 04:25 PM
    You can restrict Guest Operator access here.

    Please note your Management Interface should be in a Management VLAN where you decide on the firewall who is allowed to reach HTTPS. 

    You can also restrict subnets to login to the ClearPass Policy Manager admin page.



    ------------------------------
    Marcel Koedijk | MVP Guru 2021 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opionions are my own
    ------------------------------

    Original Message


  • 6.  RE: Disable guest web server access ClearPass

    EMPLOYEE
    Posted Oct 29, 2021 10:28 AM
    I don't think you can disable guest completely. Apart from the other suggestions, you can in the pages that you have put access controls and deny access from anywhere:

    Or remove all of the guest pages.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 7.  RE: Disable guest web server access ClearPass

    Posted Nov 02, 2021 11:28 AM
    Ok yes makes sense thank you all!

    ------------------------------
    Neil Bhave
    ------------------------------

    Original Message