Hi
You can restrict the IP addresses and subnets that can access the different parts of the ClearPass GUI. Please read the ClearPass hardening guide to get complete instructions on how to implement the restrictions
for ClearPass Policy Manager 6.9.x and earlier versions at
https://support.hpe.com/hpesc/public/docDisplay?docId=a00091066en_us
For ClearPass 6.10.x: https://www.arubanetworks.com/techdocs/ClearPass/6.10/PolicyManager/Content/home.htm
For ClearPass 6.11.x: https://www.arubanetworks.com/techdocs/ClearPass/6.11/PolicyManager/Content/home.htm
In short you have to implement the restrictions on each ClearPass server in a cluster.
The settings is found under Administration\Server Manager\Server Configuration and the Network tab on the server configuration page.
------------------------------
Best Regards
Jonas Hammarbäck
ACCX #1335, ACMP, ACDP, ACNSP, ACEP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Dec 06, 2022 09:15 AM
From: house gregory
Subject: Clearpass Captive portal URL based restrictions
Hello,
We have a guest setup with Aruba MM and Clearpass. The captive portal page is without the urls is Clearpass web access page. But isn't this a security issue? I don't want my guest users to be able to delete the guest url and access directly yo cppm web gui and try some brute force attacks. Can we have a way to prevent this? I tried to write alias with only the login url but aliases only accept domain names. So how can i restrict guest users with only to login url ? Thanks in advance.