It's not so much if you have control over the device, it is if you can run/install the OnGuard agent on the device. If you don't have control over the device, in most cases it is hard to ask people to install your security agent on their owned device. But if they are willing to install OnGuard, it should work great.
The best documentation that I know is the OnGuard configuration Tech Note, available at
https://www.arubanetworks.com/clearpassdocsOn page 31 it shows how to create a Web Login page for the Dissolvable Agent, but you probably should read the full document for full understanding.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------
Original Message:
Sent: Feb 22, 2021 05:25 AM
From: Frederico Gon�alves
Subject: Clearpass OnGuard Ageneless
Hi Herman,Thanks for your response.So, as I understand it, the best option for external machines that my organization does not have any type of control, is the dissolvable Agent.so you have something that I can see to carry out my POC implementation.Videos, Links, PDF anything.
Thank You.
------------------------------
Frederico Gon�alves
Original Message:
Sent: Feb 22, 2021 03:27 AM
From: Herman Robers
Subject: Clearpass OnGuard Ageneless
For systems that or 'not yours', the dissolvable agent may be a good alternative. Or if you can have your users install the OnGuard Agent, you can do that as well.
OnGuard requires some type of access on the devices, which is why you need to install something (Agent), have the user run something (Dissolvable), or have admin credentials (Agentless).
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
Original Message:
Sent: Feb 19, 2021 12:06 PM
From: Frederico Gon�alves
Subject: Clearpass OnGuard Ageneless
Hello,I am doing a POC I needed a help, because I have already researched everywhere and I cannot find any information on how to do it or if it is supported, that is, I will explain:
I need a client that connects via SSL VPN (Fortigate) and that a healt check is performed and based on that health check, access is guaranteed or denied.I need to use Onguard Agentless on machines that are not managed by me (guest).I found this article (https://community.arubanetworks.com/HigherLogic/System/DownloadDocumentFile.ashx?DocumentFileKey=36fb4b00-8476-449c-aa5e-e654ffb36f72&forceDialog=0) butis for onguard agent, not for agentless.Has anyone done something similar or do you know if it's possible to do it?Clearpass Version 6.9.5.131053Fortigate Version v6.4.4 build1803 (GA)Thanks
------------------------------
Frederico Gon�alves
------------------------------