Security

 View Only
last person joined: 3 days ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass OnGuard Forwards Compatibility with CPPM v6.11.x

This thread has been viewed 25 times
  • 1.  ClearPass OnGuard Forwards Compatibility with CPPM v6.11.x

    Posted Jan 19, 2023 01:43 AM
    Hi Experts,

    Just a quick query on whether ClearPass OnGuard v6.9.8 & v6.10.2 are forwards compatible with CPPM v6.11.x? Can't seem to find this info in the v6.11.x Release Notes.

    Thanks!


  • 2.  RE: ClearPass OnGuard Forwards Compatibility with CPPM v6.11.x

    Posted Jan 19, 2023 07:32 AM
    What do you mean?  6.11 includes a new version of the OnGuard agent


  • 3.  RE: ClearPass OnGuard Forwards Compatibility with CPPM v6.11.x

    Posted Jan 19, 2023 09:11 AM
    Ok, maybe my question wasn't clear. I'll rephrase it; would it be possible for a ClearPass OnGuard agent v6.9 or v6.10 installed on a user's device (Mac, Windows etc.) to be able to communicate with a CPPM server which is on v6.11?


  • 4.  RE: ClearPass OnGuard Forwards Compatibility with CPPM v6.11.x

    EMPLOYEE
    Posted Jan 26, 2023 05:32 AM
    I'm not aware of cross-version OnGuard support, as in OnGuard Agent of a previous release. I noticed that if you have an old version of the OnGuard Agent, it many times just works, but have not seen that that is officially supported.

    You may check with Aruba Support, and I'm curious for the answer as well. It may be that the OnGuard Agent should be of the same version as your ClearPass if you need it officially supported. If this is to bridge the gap temporarily during a migration, I would test, and plan to upgrade the agents to the same version as your CPPM server.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 5.  RE: ClearPass OnGuard Forwards Compatibility with CPPM v6.11.x

    Posted Jan 26, 2023 11:26 AM
    Thanks Herman, yes, it is to bridge the gap temporarily during a migration. I have upgraded CPPM from v6.7 to v6.8 & from v6.8 to v6.10 in the past with no issues faced when the OnGuard agents were still on v6.7 & v6.8 respectively. We would then use SCCM to deploy the most updated agents to the client machines. Hence my curiosity on whether a v6.9/v6.10 OnGuard agent will be able to communicate with a CPPM server which has been freshly installed to v6.11 (forwards compatibility) as I understand that the underlying base OS for v6.11 is RHEL & no longer CentOS.


  • 6.  RE: ClearPass OnGuard Forwards Compatibility with CPPM v6.11.x

    EMPLOYEE
    Posted Jan 27, 2023 05:28 AM
    I would not expect the underlying OS change to have any effect on the cross version compatibility.

    One thing to verify is that Onguard (quite some time ago) had a change in the detection engine. There have been v1 and v2 OnGuard policies for some time, and recent versions of ClearPass only do v2.0 of the plugin version:

    I think that change is already in 6.10, or even earlier, but may be worth to check that you have all your posture policies on 2.0.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 7.  RE: ClearPass OnGuard Forwards Compatibility with CPPM v6.11.x

    Posted Jan 27, 2023 08:35 AM
    Thanks alot Herman, yes, I can confirm that the plugin version is indeed 2.0 on all Posture Policies in my environment. I have since raised a TAC ticket to assist to confirm if there are any issues with forwards compatibility of OnGuard v6.10 with CPPM v6.11 & they will keep me posted once they have tested this out in their lab.