You can still set the ACLs to allow only specific client subnets (or exclude specific subnets) for access to the Policy Manager Web interface. That is done under Server Manager - Server Configuration - <your server> - Network - Application Access Control.
Unsure how/why the data-management port ended up in that guide, as on premises you can connect through either interface to the CPPM Management, so I would not recommend using data-management ports for security reasons, just for some corner-case routing challenges. But, as mentioned, in Azure you don't even have the option to use data interfaces, so it's even simpler.
------------------------------
Herman Robers
------------------------------
Original Message:
Sent: Jul 31, 2024 03:07 PM
From: smelias
Subject: Clearpass Interfaces (Data & Management) for Azure Deployment
The Aruba ClearPass hardening documentation indicates the following:
"ClearPass utilizes separate management and data interfaces, and provides the ability to restrict access to the management interface to just authorized end stations."
Is this the case for a specific implementation in Azure? Are there any restrictions in ClearPass or Azure for deployment utilizing multiple interfaces?
Is there a requirement to deploy Azure ClearPass with a single interface - mixing the data and management traffic planes?