Security

last person joined: 7 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass Software Update through HTTP Proxy Server

Jump to Best Answer
  • 1.  ClearPass Software Update through HTTP Proxy Server

    Posted Feb 14, 2013 05:23 AM

    Hello,

     

    is it possible to add a HTTP/HTTPS proxy server to the configuration of a ClearPass Policy Manager 6.0.1 appliance?

     

    We have to use a proxy server to access web sites from our corporate network. So this would be the easiest way for me to give CPPM the ability to connect to the web service in order to get its updates.

     

    Thanks for your help!

     

    cheers,

    Harald



  • 2.  RE: ClearPass Software Update through HTTP Proxy Server
    Best Answer

    Posted Feb 14, 2013 07:49 AM

     

    This might be what you're looking for:

     

    • Administration / Server Manager / Server Configuration
    • Select and open the server config
    • Select the tab "Service parameters" and select the "Clearpass system service"
    • This has a Http proxy setting

     

     

     

     



  • 3.  RE: ClearPass Software Update through HTTP Proxy Server

    Posted Feb 14, 2013 07:54 AM

    John,

     

    brilliant, that did it! Thanks for your help!

     

    cheers,

    Harald



  • 4.  RE: ClearPass Software Update through HTTP Proxy Server

    Posted Feb 14, 2013 11:36 AM

    Are you having any issues getting firmware updates through your proxy?  I'm getting the posture definitions just fine, but the firmware updates fail.



  • 5.  RE: ClearPass Software Update through HTTP Proxy Server

    Posted Feb 15, 2013 02:59 AM

    I tried to get the firmware update as well and the file for 6.0.2 downloaded all right through the proxy server.

     

    The upgrade itself failed but that was because the VMware instance wasn't prepared properly.

     

    Does the download of the new firmware start at all?

    Do you see anything in the log files of your proxy server?



  • 6.  RE: ClearPass Software Update through HTTP Proxy Server

    Posted Feb 15, 2013 09:33 AM
    CP says that the Webservice could not be contacted. I've had a support ticket open for 3 weeks with Aruba about this.

    I opened an incident with my proxy support as well. The proxy logs indicate that CP is trying to connect to an FTP, but the URL being requested is clearly just HTTPS.


  • 7.  RE: ClearPass Software Update through HTTP Proxy Server

    Posted Apr 21, 2013 07:58 PM

    having a similar issues..

     

    is the firmware update using ftp or http?

     

    Is there a way to use an FTP proxy entry?

     

    Or can I download the latest firmware and upload to the server?

     

    thanks



  • 8.  RE: ClearPass Software Update through HTTP Proxy Server

    Posted Apr 21, 2013 09:09 PM

    Vinsona,

     

    Kindly open a support case.  Your options will be specific to the version of code you have deployed, your network setup and a few other factors.

     



  • 9.  RE: ClearPass Software Update through HTTP Proxy Server

    Posted Apr 21, 2013 11:07 PM

    Firmware updates are downloaded via HTTPS and must be downloaded via your CP server.

     

    My solution was to create firewall rules to allow the update through.  I gave up on getting it to work through my proxy as I got tired of my web proxy support and TAC pointing fingers.