Original Message:
Sent: Feb 27, 2023 09:08 AM
From: Bahoz
Subject: Block concurrent connections (active-sessions?)
Thank you, William.
We are on ClearPass Policy Manager 6.9.10.134806 on C1000 platform and VIA 4.3.
I've tried various iterations of rules, and multiple devices are still able to connect with the same certificate.
Insight is recognizing the username as the Common Name on the certs, and shows that multiple devices connect. So Insight logging seems to be working.
I've tried:
TC1
Rule1
sAMAccountName EXISTS
Online-Status Equals NOT_EXISTS
DIDN'T WORK!
---------------
TC2
Rule1
sAMAccountName EXISTS
Allow
Rule2
Active-Sessions LESS_THAN_OR_EQUALS 0
Allow
DIDN'T WORK!
-------------
TC3
Rule1
sAMAccountName EXISTS
Active-Sessions LESS_THAN_OR_EQUALS 0
Allow
Neither device was able to connect
-------------
TC4
Rule1
sAMAccountName EXISTS
Active-Sessions EQUALS 0
Allow
Neither device was able to connect
-------------
TC5
Rule1
sAMAccountName EXISTS
Active-Sessions NOT_EXISTS
Allow
Both connected
-------------
Original Message:
Sent: Feb 27, 2023 04:04 AM
From: Aruba WB
Subject: Block concurrent connections (active-sessions?)
Which AOS version are you running? In version 8.11 (together with VIA client version 4.5) you can configure a concurrent session limit.
------------------------------
William Bargeman
Systems Engineer Aruba
Original Message:
Sent: Feb 23, 2023 04:22 PM
From: Bahoz
Subject: Block concurrent connections (active-sessions?)
Hello,
We have ClearPass that is connected to Active Directory, and we have a simple rule before allowing the connection to our VPN (Aruba Mobility Controller).
The basic rule is as follows:
Authorization: LAB_AD sAMAccountNAME EXISTS
Permit
I added a new condition right below what I wrote above:
Authorization: Insight Repository, active-sessions less than or equals 0
It then blocks every new connection attempt.
I just want to block the same user from being able to connect a second time via another device. We use cert-based authentication. What would be the best way of accomplishing this?
Any help or advice is appreciated.
Thank you.