last person joined: 5 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass endpoint profile expiry?

  • 1.  ClearPass endpoint profile expiry?

    Posted Oct 14, 2019 10:20 AM

    I'm finding that some endpoints on our network profile fine when initially switched on, but if left powered on for a long time (roughly 5 days?) seem to drop back to not profiled. Is this expected behaviour? I understand the profiler uses DHCP discovers as one method of identifying the device, and I could understand that perhaps devices with long leases might not DHCP discover very often and thus might not get profiled very often. What I can't seem to find documented is in what circumstances an already profiled device will go back to not profiled or any settings to adjust that.

  • 2.  RE: ClearPass endpoint profile expiry?

    Posted Oct 14, 2019 03:37 PM

    Are you marking these endpoint as known?


    Maybe there is endpoint cleanup configured, that causes the endpoints to be deleted. Please check it under Cluster-Wide Parameters > Cleanup Intervals 



  • 3.  RE: ClearPass endpoint profile expiry?

    Posted Oct 15, 2019 08:20 AM

    The endpoints are marked as known, and additionally the cleanup interval for profiled unknown endpoints is set to 60 days so I don't believe that should be happening.


    I guess the easy way to prove this is to put something in the description/attributes and see if it's still there once the endpoint goes back to not profiled.