Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass - Management and Data ports

  • 1.  ClearPass - Management and Data ports

    Posted Jun 17, 2020 11:04 AM

    Hello,

    CPPM 6.8.5

    We currently only have a Management Port configured on our ClearPass boxes (we have a cluster of 4). But we now want to separate management traffic out primarily so we can put it through a firewall. We don't wish to firewall any other traffic at this stage. I've read in various other posts that you don't generally recommend using both a Management and Data port, but what would you recommend if we want to Firewall management traffic?

    Thanks,

    Guy



  • 2.  RE: ClearPass - Management and Data ports

    Posted Jun 17, 2020 12:05 PM
    What is the purpose of separating management and having it policed via your firewall?

    You could define the networks you want to allow management access from in each ClearPass node.

    To separate the traffic and use both ports, you will need to configure static routing on each box to make this happen.

    Take a look at the ClearPass routing technote:
    https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_ViewDetails/Default.aspx?EntryId=14011



    Thank you

    Victor Fabian

    Pardon typos sent from Mobile


  • 3.  RE: ClearPass - Management and Data ports

    Posted Jun 17, 2020 02:00 PM

    Thanks for this.

    They want to filter traffic before it ever touches the boxes. But having spoken to the FW engineer, it seems as though he is happy to put all the traffic through the FW (management and auths etc.) and do the filtering based on port numbers, so setting up a separate data port isn't a requirement after all, it seems.