Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

ClearPass - Management and Data ports

  • 1.  ClearPass - Management and Data ports

    Posted Jun 17, 2020 11:04 AM

    Hello,

    CPPM 6.8.5

    We currently only have a Management Port configured on our ClearPass boxes (we have a cluster of 4). But we now want to separate management traffic out primarily so we can put it through a firewall. We don't wish to firewall any other traffic at this stage. I've read in various other posts that you don't generally recommend using both a Management and Data port, but what would you recommend if we want to Firewall management traffic?

    Thanks,

    Guy



  • 2.  RE: ClearPass - Management and Data ports

    Posted Jun 17, 2020 12:05 PM
    What is the purpose of separating management and having it policed via your firewall?

    You could define the networks you want to allow management access from in each ClearPass node.

    To separate the traffic and use both ports, you will need to configure static routing on each box to make this happen.

    Take a look at the ClearPass routing technote:
    https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_ViewDetails/Default.aspx?EntryId=14011



    Thank you

    Victor Fabian

    Pardon typos sent from Mobile


  • 3.  RE: ClearPass - Management and Data ports

    Posted Jun 17, 2020 02:00 PM

    Thanks for this.

    They want to filter traffic before it ever touches the boxes. But having spoken to the FW engineer, it seems as though he is happy to put all the traffic through the FW (management and auths etc.) and do the filtering based on port numbers, so setting up a separate data port isn't a requirement after all, it seems.