  • 1.  About User's Role in ClearPass Policy Manager

    Posted Jul 09, 2024 11:21 AM

    Can ClearPass Policy Manager dynamically calculate User 1's Role based on Health-Check results? 

    For example: we need a user with Tips: Posture equal to Healthy to be mapped to the role Full_Access, and when this user violates the policy, meaning the posture result is Quarantine, they should be mapped to the Deny role.



  • 2.  RE: About User's Role in ClearPass Policy Manager

    Posted Jul 10, 2024 05:48 AM

    Yes, you can do that:

    The screenshot is from a video that shows how to configure everything: video 1 (the screenshot is from video 3 on OnGuard).



    ------------------------------
    Herman Robers



  • 3.  RE: About User's Role in ClearPass Policy Manager

    Posted Aug 04, 2024 10:01 AM

    Hi Herman, 
    How can I map a role for a user based on an IP pool?

    In the mapping rule editor I can create a rule mapping Connection-Src-IP-Address - contains -- x.x.x. to Role Test. But it only works with subnet mask 24.
    I need to map roles with a smaller subnet, for example:

    User A with: Connection - Src-IP-Address 192.168.100.10 to Role TEST1.

    User B with: Connection - Src-IP-Address 192.168.100.101 to Role TEST2.

    How can I do it? Please guide me, thanks!




  • 4.  RE: About User's Role in ClearPass Policy Manager

    Posted Aug 05, 2024 11:08 AM

    Hi,

    The Connection:Src-IP-Address attribute contains the IP address of the NAD device (switch or WLC) to which the user is connecting/authenticating. Are you sure this is the value you would like to base your decision on?

    Regards,

    Thiyagarajan




  • 5.  RE: About User's Role in ClearPass Policy Manager

    Posted Aug 05, 2024 11:42 AM

    Yes, we divide and identify departments based on the IP pool, so I need to use this parameter to assign the Endpoint to its correct Roles. The issue arises when the network admin wants to split the pool into /25 and /26 as I mentioned above.




  • 6.  RE: About User's Role in ClearPass Policy Manager

    Posted Aug 05, 2024 12:50 PM
    Edited by thiyagi Aug 05, 2024 12:51 PM

    I understand. The easiest way to do this would be to create a Network Device Group under Configuration --> Network --> Device Groups based on the Department names and move the corresponding network devices into this group. You can then use the Connection:Src-IP-Address BELONGS_TO_GROUP <GROUP NAME> in the role mapping rules or enforcement conditions to move the clients to the appropriate role. 

    Let me know if this doesn't work and I'll check if there is an alternative. 

    Regards,

    Thiyagarajan Palanisamy
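
Added example, not part of any post in this thread and not ClearPass code: a Python model of why a string "contains" rule cannot separate the two addresses from post 3, while subnet-based group membership (the approach suggested in post 6) can. The group names, the /26 and /25 ranges, the role TEST3 and the fail-closed default are assumptions made for illustration.

```python
import ipaddress

# Constructed device groups (hypothetical names and ranges), following the
# /25 and /26 split mentioned in the thread.
DEVICE_GROUPS = {
    "DEPT_A": ipaddress.ip_network("192.168.100.0/26"),    # .0   - .63
    "DEPT_B": ipaddress.ip_network("192.168.100.64/26"),   # .64  - .127
    "DEPT_C": ipaddress.ip_network("192.168.100.128/25"),  # .128 - .255
}
# TEST1 and TEST2 come from the thread; TEST3 is assumed.
GROUP_TO_ROLE = {"DEPT_A": "TEST1", "DEPT_B": "TEST2", "DEPT_C": "TEST3"}
DEFAULT_ROLE = "Deny"  # assumption: no match means no access


def role_by_contains(src_ip, rules):
    """Model of a substring rule list: first rule whose text occurs in src_ip wins."""
    for needle, role in rules:
        if needle in src_ip:
            return role
    return DEFAULT_ROLE


def role_by_group(src_ip):
    """Model of group membership: pick the most specific subnet containing src_ip."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return DEFAULT_ROLE  # malformed attribute value fails closed
    hits = [(net.prefixlen, name) for name, net in DEVICE_GROUPS.items() if addr in net]
    if not hits:
        return DEFAULT_ROLE
    _, group = max(hits)  # longest prefix wins if groups ever overlap
    return GROUP_TO_ROLE[group]


if __name__ == "__main__":
    # A substring rule written for .10 also matches .101, because
    # "192.168.100.10" is a textual prefix of "192.168.100.101".
    rules = [("192.168.100.10", "TEST1"), ("192.168.100.101", "TEST2")]
    for ip in ("192.168.100.10", "192.168.100.101", "192.168.100.200", "10.0.0.1"):
        print(ip, role_by_contains(ip, rules), role_by_group(ip))
```

As post 4 points out, the value being matched is the address of the NAD, so the groups here represent sets of switches or controllers, not client addresses.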




  • 7.  RE: About User's Role in ClearPass Policy Manager

    Posted Aug 06, 2024 04:01 AM

    Hi Thiyagi,
    Thanks for your support, my system's working fine now :)