Security

last person joined: an hour ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Pushing out OnGuard client to Windows domain

  • 1.  Pushing out OnGuard client to Windows domain

    Posted Aug 21, 2014 11:50 AM

    All,

     

    I'm working with a customer right now and we're getting ready to push out the OnGuard client to a couple hundred users. They're using a product called BigFix that they've had success with in the past.

     

    The OnGuard deployment is one that has the VIA client as part of the package. When the OnGuard client is pushed out, the user is prompted to type in the VIA VPN address and their username and passwords. 

     

    Two questions about this: Is there anyway to create an additional file that would populate the VPN IP address? Or, is there anyway to put the VIA Auth Profile into the OnGuard package and push that out?

     

    Thanks for any help that you can offer!

     

    -Mike



  • 2.  RE: Pushing out OnGuard client to Windows domain

    Posted Aug 21, 2014 02:19 PM

    I know you can do a silent install on the OnGuard client. (see below) I have asked engineering on the combo.

     

    Silent Install


    Windows


    OnGuard Installers (both EXE and MSI) support silent install.

    MSI Installer supports standard msiexec options:

    /quiet
    Quiet mode, no user interaction
    /passive
    Unattended mode - progress bar only
    /q[n|b|r|f]
    Sets user interface level
    n - No UI
    b - Basic UI
    r - Reduced UI
    f - Full UI (default)
    Example - "ClearPassOnGuardInstaller.msi /qn"

    For EXE Installer we need to pass '/S' as argument - "ClearPassOnGuardInstaller.exe /S"


    Please note that silent mode should be launched with Admin rights, otherwise installation will fail without showing any error.

    Mac OSX


    hdiutil attach ClearPassOnGuardInstall.dmg
    sudo installer -pkg /Volumes/ClearPassOnGuard/ClearPassOnGuard.pkg -target /
    hdiutil detach /Volumes/ClearPassOnGuard


    Above command can be added to a script and that script can be executed. Note that in first command you need to give complete path of ClearPassOnGuardInstall.dmg file.

     



  • 3.  RE: Pushing out OnGuard client to Windows domain

    Posted Aug 22, 2014 06:02 PM

    Hi Troy,

     

    This is great information! My customer is going to give it a try in the next few days.

     

    If you can, could you also ask the developers if there's a way to include a seed / answer file for the combined client? It would be great if the VPN information was automatically filled in.

     

    Thanks!

     

    -Mike



  • 4.  RE: Pushing out OnGuard client to Windows domain

    Posted Aug 22, 2014 06:11 PM
    This what I got back today from one engineer. He is also checking with a few others.
    It is not possible to push VIA specific configuration from Unified Agent Installer.

    Post install the application (ui) can be invoked with certain parameters to automatically download VIA profile.

     

     

    ClearPassOnGuard.exe -getconfig <server> <username> <password> <authprofile>



  • 5.  RE: Pushing out OnGuard client to Windows domain

    Posted Feb 19, 2015 10:52 AM

    Troy,

     

    I had a follow up from another customer about this. Is there also a way to silently remove OnGuard from a machine? I'm working with a customer that is packing and pushing out the client to a bunch of test machines. On of the things they're interested in testing is removing the client as part of this process.

     

    As always, thanks for the help!

     

    -Mike



  • 6.  RE: Pushing out OnGuard client to Windows domain

    Posted Feb 20, 2015 05:41 AM
    Mike,

    If they install OnGuard using MSI file then they can use following command to uninstall it using same MSI file:
    "msiexec /x ClearPassInGuard.msi /q"

    If they are using EXE to install then command to uninstall silently is:
    "C:\Program Files\Aruba Networks\ClearPassOnGuard\uninst.exe /S"

    There were some issues with older versions of OnGuard agent where these commands were not working.
    They are all fixed in 6.4.4 and both commands should work with 6.4.4 OnGuard Agent


  • 7.  RE: Pushing out OnGuard client to Windows domain

    Posted Feb 20, 2015 04:17 PM

    Troy,

     

    Just what I was looking for - thanks!

     

    -Mike



  • 8.  RE: Pushing out OnGuard client to Windows domain

    Posted Feb 23, 2015 10:47 AM

    Troy,

     

    One other OnGuard question in the same vein that came up today. Is there a way to put a corporate logo / skin the OnGuard client for distribution in a large enterprise?

     

    As always, thanks!

     

    -Mike



  • 9.  RE: Pushing out OnGuard client to Windows domain

    Posted Feb 23, 2015 12:36 PM

    Mike,

     

    We don't support the option today to brand OnGuard. Sorry.



  • 10.  RE: Pushing out OnGuard client to Windows domain

    Posted Feb 23, 2015 01:49 PM

    Danny,

     

    Thanks - much appreciated!

     

    -Mike



  • 11.  RE: Pushing out OnGuard client to Windows domain

    Posted May 29, 2020 09:04 AM

    The "-getconfig" argument works only if OnGuard is already running, but it is useful though.

    Is there any to disconnect the VPN? and/or to clear config?

    Is there a complete list of available arguments?

     

    Thanks!