Security

 View Only
last person joined: 9 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass Extension Installation

This thread has been viewed 33 times
  • 1.  Clearpass Extension Installation

    Posted Aug 22, 2024 08:42 PM

    Hi All,
    I am having issue with Extension installation on Clearpass.  Due to the security restriction of environment, all web traffic needs to go via a proxy server.  HTTP proxy is enabled as per below but it seems that Extension downloading traffic ignored this Proxy setting and it always bypassed proxy and went to Internet directly, which was ended up with Server Error 500.  I am wondering if anyone experienced the same issue and any solution to resolve this. Many Thanks. 



  • 2.  RE: Clearpass Extension Installation

    Posted Aug 23, 2024 03:14 AM

    Hi,

    I've the same error trying to install any extension on my brand new CPPM 6.11.9.

    I have no proxy.

    I open a case for that.

    I'll tell you...

    Regards,



    ------------------------------
    StephaneLALARDIE
    ------------------------------



  • 3.  RE: Clearpass Extension Installation

    Posted Aug 23, 2024 06:28 AM

    Hi,

    My issue is resolved.

    I used to set a firewall rule for flow between CPPM Data interface and Internet with filtering on URL clearpass.arubanetworks.com.

    It was known as the only Url that CPPM use to activate licence or get softwre update.

    Meanwhile, with the extension store, it seems to go through several other sites and it was filtered.

    I'm waiting for a TAC explanation.

    Do you also use an URL filter for clearpass.arubanetworks.com ?

    Regards, 



    ------------------------------
    StephaneLALARDIE
    ------------------------------



  • 4.  RE: Clearpass Extension Installation

    Posted Aug 23, 2024 08:59 AM

    Found this: https://community.arubanetworks.com/blogs/esupport1/2022/12/02/firewallproxy-host-whitelist-for-clearpass-extensions

    All this URL should be accessible for extension installation

    clearpass.arubanetworks.com
    
    extensions.clearpassbeta.com
    
    registry-1.docker.io
    
    index.docker.io
    
    auth.docker.io
    
    production.cloudflare.docker.com

    regards,



    ------------------------------
    StephaneLALARDIE
    ------------------------------



  • 5.  RE: Clearpass Extension Installation

    Posted Aug 23, 2024 06:48 AM

    I think to remember that there was an issue with extension downloads not honoring the proxy settings, but could not find it in the release notes. Please make sure to be on the latest ClearPass hotfix level for 6.11 or 6.12.

    Further, some extensions are now posted to the support portal, so that may be a workaround for you as well. If nothing works, please report to TAC as they should be aware of such issues, if there are any.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 6.  RE: Clearpass Extension Installation

    EMPLOYEE
    Posted Aug 23, 2024 11:24 AM

    Extension download via proxy was fixed in 6.11.3 and available with 6.12.0.  If you are running at least those versions and still having issues, then open a case with TAC for troubleshooting.

    ClearPass 6.12 introduces the ability to install extensions offline, this process is covered in the user guide.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------