Security

Hello All,

 

We are pleased to announce the immediate availability of ClearPass Policy Manager 6.9.0!  In addition to bug fixes, this release also includes several new features that our Engineering and QA team have worked tirelessly to include:

 

Significant IPv6 Improvements

Why is this interesting? This release adds IPv6 functionality between ClearPass Policy Manager and NAD for RADIUS and TACACS+ communication.  NAD devices no longer require communicating over IPv4 when contacting ClearPass Policy Manager.  IPv6 communication between Policy Manager cluster members are also now fully supported.

 

Tunneled EAP (TEAP) support

Why is this interesting? Customers who want to use a standards-based approach to perform authentication of endpoints combining more than one identity (such as machine and user) and/or mixed authentication methods (such as machine certificate and user password) may leverage TEAP to perform both in a single tunneled EAP transaction.  TEAP is defined in RFC 7170 and native support is included in Windows 10 (release 20H1).

 

Template Updates to Downloadable User Roles

Why is this interesting? Customers who use Downloadable User Role (DUR) definitions on ClearPass Policy Manager no longer need to upgrade or update Policy Manager to have access to the latest DUR options in standard mode when updating Aruba devices.  Administrators may now download the latest library when changes are available to apply without delays. AOS-CX is the first product to use the new method.

 

Improved multi-language support

Why is this interesting? Administrative workflows have been updated for Simplified Chinese, Japanese, and Korean languages.  All end user workflows have been updated and now also include support for Portuguese and Hindi languages.

 

Improved MAC address searching

Why is this interesting? MAC addresses may be searched using any format but are now displayed using a standard AA.BB.AA.BB.AA.BB format. 

 

What’s New pop-up

Why is this interesting? Provides a list of the key features in a release to administrative users as well as the link to the Release Notes to learn more about the new functionality. 

 

As always, please take note of the ‘Changes of Behaviors’ section of the release notes (https://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.9.0/Default.htm).

 

Unlike previous releases, this software is being released exclusively through the Aruba Support Portal (ASP). 

 

A big thanks and congratulations to the ClearPass Engineering, ClearPass QA and TechPubs teams for reaching this milestone!

 

Best regards,

The ClearPass Team

Please note that we have temporarily disabled the downloads after an issue with TACACS+ authentication was identified.  We will re-post the downloads next week and subsequently release a hotfix to address the TACACS+ issues for those customers who may be impacted.

The 6.9.0 upgrades and images are again available for download from the Aruba Support Portal (https://asp.arubanetworks.com/downloads) or from ClearPass Policy Manager systems under Software Updates.

 

The "ClearPass 6.9.0 Hotfix for TACACS+ using subnet defined NADs" is also available for all customers who are using TACACS+ services.  Information about this hotfix can be found at https://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.9.0/Default.htm#WhatsNew/KnownThisRls.htm?Highlight=CP%E2%80%9137669

Due to a newly identified issue with some customers upgrading from earlier releases with older Dell based appliances (e.g. systems originally sold as CP-HW-25K v1) we are temporarily suspending the 6.9.0 downloads again until we can determine if these are isolated failures.

The 6.9.0 version was re-released and posted on 31 March.  The release notes have been updated to indicate that the older, impacted appliances are no longer able to upgrade (we have also added better pre-checks for these systems).

Hello All,

 

We are pleased to announce the immediate availability of ClearPass Policy Manager 6.9.1! This release also includes many fixes and security updates that our Engineering and QA team have worked tirelessly to provide.

 

As always, please take note of the ‘Changes of Behaviors’ section of the release notes (https://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.9.1/Default.htm).

 

The update images have been posted to the Aruba Support Portal (ASP) and the software updates portal.

 

A big thanks and congratulations to the ClearPass Engineering, ClearPass QA and TechPubs teams for reaching this milestone!

 

Best regards,

The ClearPass Team

Hello All,

 

We are pleased to announce the immediate availability of ClearPass 6.9.2!  In addition to bug fixes, this release also includes several new features that our Engineering and QA team have worked tirelessly to include:

 

 

• APIs
• Addition of new API, ‘SessionAction’, with enhanced filters for flexibility and improved user experience to support disconnect or reauthorize active sessions for endpoints based on specific session attributes.
• Enhanced ‘ApplicationLicense’ API includes up to date usage levels for licensed components.

 

 

• Device Insight
• Includes an option in ClearPass to designate a ‘Standby ClearPass Server’ within a cluster  for Device Insight integration.
• Added a new option ‘Device Tags Update Action’ in ClearPass that allows to specify the action to be taken for the incoming Device Insight tag updates.

 

 

• Endpoint Context Servers
• Includes support for the latest SOTI API framework that supports OAuth2 authentication for SOTI Endpoint Context Server.

 

 

• Policy Manager
• Allows filtering of Trust List by Usage and Validity fields
• Addition of new SHA-2 root Certificate Authority (CA), ‘USERTrust RSA Certification Authority’ to the Trust List.

 

 

 

 

As always, please take note of the ‘Changes of Behaviors’ section of the release notes (https://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.9.2/Default.htm).

 

The update images have been posted to the support site (Aruba Support Portal) and the software updates portal. 

 

 

A big thanks and congratulations to the ClearPass Engineering, ClearPass QA and TechPubs teams for reaching this milestone!

 

Best regards,

The ClearPass Team

Hello All,

 

We are pleased to announce the immediate availability of ClearPass Policy Manager 6.9.3!  In addition to bug fixes, this release also includes several new features that our Engineering and QA team have worked tirelessly to include:

 

New OCSP Settings

Why is this interesting? OCSP is a key part of TLS validation, especially in EAP-TLS authentication.  Customers now have the ability to adjust the parameters around OCSP failures to support faster or slower failure detection based on their needs.

 

API Explorer Reordering

Why is this interesting? To make it easier for administrators to locate the APIs, many parts of the API explorer were re-ordered.  This makes the API Explorer compliant with the readme.com OpenAPI tools and provides a better base for future API additions.  Reminder that these APIs are also already available at https://developer.arubanetworks.com/aruba-cppm.

NOTE:  This does NOT impact the functionality of the APIs at all.

 

CLI Commands for SLAAC Configuration

Why is this interesting? Stateless Address Auto-Configuration (SLAAC) was introduced in 6.9.0, but most customers do not actually want to use this functionality on their NAC.  This functionality is now disabled by default on most systems, but CLI commands can be used to manually enable or disable it as well as show the current state.

 

As always, please take note of the ‘Changes of Behaviors’ section of the release notes (https://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.9.3/Default.htm).

 

The update images have been posted to the Aruba Support Portal (ASP) and the software updates portal.

 

A big thanks and congratulations to the ClearPass Engineering, ClearPass QA and TechPubs teams for reaching this milestone!

 

Best regards,

The ClearPass Team

Hello All,

 

We are pleased to announce the immediate availability of ClearPass Policy Manager 6.9.4!  In addition to bug fixes, this release also includes several new features that our Engineering and QA team have worked tirelessly to include:

 

ArubaOS-CX & CPPM Integration

Why is this interesting? Customers can push the controller's role from Policy Manager to the ArubaOS controller via the ArubaOS-CX switch thereby facilitating dynamic segmentation.

 

RADIUS traffic throttling

Why is this interesting? In scenarios where an occasional, sudden increase in authentications per second might put an excessive load on the policy server, Multi-Master Cache, or Post-Authentication module, customers can set the throttling rate that can alleviate the load and ensure that the traffic is always processed. This feature is especially useful with customers using load balancers to ensure that traffic is regulated within their cluster nodes.

 

Agentless OnGuard Support for macOS & Linux

Why is this interesting? Agentless OnGuard, although provides the same posture analysis and remediation that the traditional Persistent Agent provides, simplifies endpoint software management by letting users avail OnGuard functionalities without having to install and manage the OnGuard agents on their Linux and macOS endpoints.

 

As always, please take note of the 'Changes of Behaviors' section of the release notes (https://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.9.4/Default.htm).

 

The update images have been posted to the Aruba Support Portal (ASP) and the software updates portal.

 

A big thanks and congratulations to the ClearPass Engineering, ClearPass QA and TechPubs teams for reaching this milestone!

 

Best regards,

The ClearPass Team


Original Message:
Sent: Oct 05, 2020 05:40 PM
From: Bryan Lechner
Subject: ClearPass Policy Manager 6.9 Releases

Hello All,

 

We are pleased to announce the immediate availability of ClearPass Policy Manager 6.9.3!  In addition to bug fixes, this release also includes several new features that our Engineering and QA team have worked tirelessly to include:

 

New OCSP Settings

Why is this interesting? OCSP is a key part of TLS validation, especially in EAP-TLS authentication.  Customers now have the ability to adjust the parameters around OCSP failures to support faster or slower failure detection based on their needs.

 

API Explorer Reordering

Why is this interesting? To make it easier for administrators to locate the APIs, many parts of the API explorer were re-ordered.  This makes the API Explorer compliant with the readme.com OpenAPI tools and provides a better base for future API additions.  Reminder that these APIs are also already available at https://developer.arubanetworks.com/aruba-cppm.

NOTE:  This does NOT impact the functionality of the APIs at all.

 

CLI Commands for SLAAC Configuration

Why is this interesting? Stateless Address Auto-Configuration (SLAAC) was introduced in 6.9.0, but most customers do not actually want to use this functionality on their NAC.  This functionality is now disabled by default on most systems, but CLI commands can be used to manually enable or disable it as well as show the current state.

 

As always, please take note of the 'Changes of Behaviors' section of the release notes (https://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.9.3/Default.htm).

 

The update images have been posted to the Aruba Support Portal (ASP) and the software updates portal.

 

A big thanks and congratulations to the ClearPass Engineering, ClearPass QA and TechPubs teams for reaching this milestone!

 

Best regards,

The ClearPass Team

Following the (US) Wednesday release of 6.9.4 an issue was identified that caused TACACS+ authentication to intermittently fail with AOS-CX switches.  Due to this issue we have currently suspended downloads of the 6.9.4 release while ClearPass Engineering creates the required Hotfix patch.  The 6.9.4 patch and hotfix will be re-released once this is validated to resolve the issue.  Due to the US Thanksgiving holiday next week we will postpone the release until the subsequent week to ensure that customers are not further impacted.

Customers who have already downloaded but not installed 6.9.4 are advised to not yet install the patch.  Customers who have already installed 6.9.4 but are NOT using TACACS+ services with AOS-CX devices are advised to remain where they are at this time.  The issue has been identified to only impact AOS-CX TACACS+ authentications intermittently.  This means that one authentication may fail but the subsequent attempt may then succeed normally.  No other TACACS+ services with other systems have been identified with this issue.

Thank you for your patience on this issue being resolved quickly.
The ClearPass Team

------------------------------
Bryan Lechner
------------------------------

Original Message:
Sent: Nov 18, 2020 05:04 PM
From: Deepthi Janagan
Subject: ClearPass Policy Manager 6.9 Releases

Hello All,

 

We are pleased to announce the immediate availability of ClearPass Policy Manager 6.9.4!  In addition to bug fixes, this release also includes several new features that our Engineering and QA team have worked tirelessly to include:

 

ArubaOS-CX & CPPM Integration

Why is this interesting? Customers can push the controller's role from Policy Manager to the ArubaOS controller via the ArubaOS-CX switch thereby facilitating dynamic segmentation.

 

RADIUS traffic throttling

Why is this interesting? In scenarios where an occasional, sudden increase in authentications per second might put an excessive load on the policy server, Multi-Master Cache, or Post-Authentication module, customers can set the throttling rate that can alleviate the load and ensure that the traffic is always processed. This feature is especially useful with customers using load balancers to ensure that traffic is regulated within their cluster nodes.

 

Agentless OnGuard Support for macOS & Linux

Why is this interesting? Agentless OnGuard, although provides the same posture analysis and remediation that the traditional Persistent Agent provides, simplifies endpoint software management by letting users avail OnGuard functionalities without having to install and manage the OnGuard agents on their Linux and macOS endpoints.

 

As always, please take note of the 'Changes of Behaviors' section of the release notes (https://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.9.4/Default.htm).

 

The update images have been posted to the Aruba Support Portal (ASP) and the software updates portal.

 

A big thanks and congratulations to the ClearPass Engineering, ClearPass QA and TechPubs teams for reaching this milestone!

 

Best regards,

The ClearPass Team


Original Message:
Sent: Oct 05, 2020 05:40 PM
From: Bryan Lechner
Subject: ClearPass Policy Manager 6.9 Releases

Hello All,

 

We are pleased to announce the immediate availability of ClearPass Policy Manager 6.9.3!  In addition to bug fixes, this release also includes several new features that our Engineering and QA team have worked tirelessly to include:

 

New OCSP Settings

Why is this interesting? OCSP is a key part of TLS validation, especially in EAP-TLS authentication.  Customers now have the ability to adjust the parameters around OCSP failures to support faster or slower failure detection based on their needs.

 

API Explorer Reordering

Why is this interesting? To make it easier for administrators to locate the APIs, many parts of the API explorer were re-ordered.  This makes the API Explorer compliant with the readme.com OpenAPI tools and provides a better base for future API additions.  Reminder that these APIs are also already available at https://developer.arubanetworks.com/aruba-cppm.

NOTE:  This does NOT impact the functionality of the APIs at all.

 

CLI Commands for SLAAC Configuration

Why is this interesting? Stateless Address Auto-Configuration (SLAAC) was introduced in 6.9.0, but most customers do not actually want to use this functionality on their NAC.  This functionality is now disabled by default on most systems, but CLI commands can be used to manually enable or disable it as well as show the current state.

 

As always, please take note of the 'Changes of Behaviors' section of the release notes (https://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.9.3/Default.htm).

 

The update images have been posted to the Aruba Support Portal (ASP) and the software updates portal.

 

A big thanks and congratulations to the ClearPass Engineering, ClearPass QA and TechPubs teams for reaching this milestone!

 

Best regards,

The ClearPass Team

Hello All,

We would like to update you on re-post of the original 6.9.4 posting and release of hot fix to resolve the TACACS+ issue.

IMPORTANT NOTE: All TACACS+ deployments on 6.9.4 should install the ClearPass HotFix for TACACS+ fragmentation issue available HERE.

 

Best regards,

The ClearPass Team

Original Message:
Sent: Nov 20, 2020 01:40 PM
From: Bryan Lechner
Subject: ClearPass Policy Manager 6.9 Releases

Following the (US) Wednesday release of 6.9.4 an issue was identified that caused TACACS+ authentication to intermittently fail with AOS-CX switches.  Due to this issue we have currently suspended downloads of the 6.9.4 release while ClearPass Engineering creates the required Hotfix patch.  The 6.9.4 patch and hotfix will be re-released once this is validated to resolve the issue.  Due to the US Thanksgiving holiday next week we will postpone the release until the subsequent week to ensure that customers are not further impacted.

Customers who have already downloaded but not installed 6.9.4 are advised to not yet install the patch.  Customers who have already installed 6.9.4 but are NOT using TACACS+ services with AOS-CX devices are advised to remain where they are at this time.  The issue has been identified to only impact AOS-CX TACACS+ authentications intermittently.  This means that one authentication may fail but the subsequent attempt may then succeed normally.  No other TACACS+ services with other systems have been identified with this issue.

Thank you for your patience on this issue being resolved quickly.
The ClearPass Team

------------------------------
Bryan Lechner

Original Message:
Sent: Nov 18, 2020 05:04 PM
From: Deepthi Janagan
Subject: ClearPass Policy Manager 6.9 Releases

Hello All,

 

We are pleased to announce the immediate availability of ClearPass Policy Manager 6.9.4!  In addition to bug fixes, this release also includes several new features that our Engineering and QA team have worked tirelessly to include:

 

ArubaOS-CX & CPPM Integration

Why is this interesting? Customers can push the controller's role from Policy Manager to the ArubaOS controller via the ArubaOS-CX switch thereby facilitating dynamic segmentation.

 

RADIUS traffic throttling

Why is this interesting? In scenarios where an occasional, sudden increase in authentications per second might put an excessive load on the policy server, Multi-Master Cache, or Post-Authentication module, customers can set the throttling rate that can alleviate the load and ensure that the traffic is always processed. This feature is especially useful with customers using load balancers to ensure that traffic is regulated within their cluster nodes.

 

Agentless OnGuard Support for macOS & Linux

Why is this interesting? Agentless OnGuard, although provides the same posture analysis and remediation that the traditional Persistent Agent provides, simplifies endpoint software management by letting users avail OnGuard functionalities without having to install and manage the OnGuard agents on their Linux and macOS endpoints.

 

As always, please take note of the 'Changes of Behaviors' section of the release notes (https://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.9.4/Default.htm).

 

The update images have been posted to the Aruba Support Portal (ASP) and the software updates portal.

 

A big thanks and congratulations to the ClearPass Engineering, ClearPass QA and TechPubs teams for reaching this milestone!

 

Best regards,

The ClearPass Team


Original Message:
Sent: Oct 05, 2020 05:40 PM
From: Bryan Lechner
Subject: ClearPass Policy Manager 6.9 Releases

Hello All,

 

We are pleased to announce the immediate availability of ClearPass Policy Manager 6.9.3!  In addition to bug fixes, this release also includes several new features that our Engineering and QA team have worked tirelessly to include:

 

New OCSP Settings

Why is this interesting? OCSP is a key part of TLS validation, especially in EAP-TLS authentication.  Customers now have the ability to adjust the parameters around OCSP failures to support faster or slower failure detection based on their needs.

 

API Explorer Reordering

Why is this interesting? To make it easier for administrators to locate the APIs, many parts of the API explorer were re-ordered.  This makes the API Explorer compliant with the readme.com OpenAPI tools and provides a better base for future API additions.  Reminder that these APIs are also already available at https://developer.arubanetworks.com/aruba-cppm.

NOTE:  This does NOT impact the functionality of the APIs at all.

 

CLI Commands for SLAAC Configuration

Why is this interesting? Stateless Address Auto-Configuration (SLAAC) was introduced in 6.9.0, but most customers do not actually want to use this functionality on their NAC.  This functionality is now disabled by default on most systems, but CLI commands can be used to manually enable or disable it as well as show the current state.

 

As always, please take note of the 'Changes of Behaviors' section of the release notes (https://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.9.3/Default.htm).

 

The update images have been posted to the Aruba Support Portal (ASP) and the software updates portal.

 

A big thanks and congratulations to the ClearPass Engineering, ClearPass QA and TechPubs teams for reaching this milestone!

 

Best regards,

The ClearPass Team