
Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Cisco Firepower Clearpass Onguard

  • 1.  Cisco Firepower Clearpass Onguard

    Posted May 12, 2022 11:12 AM
    I have a ClearPass deployment version 6.7 with a Cisco Firepower firewall. I can send a dACL via enforcement profile upon login, but the health check is not sending the COA for re-auth after the health check. I've gone through all the community posts and I'm not having any luck with the COA. Here is what I understand is supposed to happen.

    1. Client connects via AnyConnect
    2. Authentication is successful
    3. Health Token unknown
    4. Enforcement profile sends dACL
    5. Health Check Occurs
    6. Health Token set to Healthy
    7. No COA is sent, and the device is stuck in current state

    Also, could you use something like MAC Caching to prevent the user from having to re-authenticate during the bounce like in a guest portal situation? Any help with this would be greatly appreciated!!!

    Mitchell Griffin