We are pleased to announce the immediate availability of ClearPass Policy Manager 6.8.3! In addition to bug fixes, this release also includes several new features that our Engineering and QA team have worked tirelessly to include:
Certificate Authentication with VMware AirWatch (MDM)
Why is this interesting? VMware AirWatch recently began replacing authentication with tokens in order to use certificate-based authentication. Policy Manager is now able to interact with AirWatch using certificates rather than tokens for a more secure authentication process.
Push backups using NFS
Why is this interesting? Policy Manager now supports pushing backups using NFS. This allows customers who do not have SCP/SFTP environments available to back up to Microsoft Windows enabled systems.
Enhanced Access Tracker filtering
Why is this interesting? Customers can now find Access Tracker records with significantly less searching through long lists of filtered results. Filtering in the Access Tracker screen now allows the use of additional attributes including posture, authorization, RADIUS, and computed attributes.
MPSK support using RadSec
Why is this interesting? Customers using Aruba’s Multiple Pre-Shared Key (MPSK) to secure their IoT systems can now use RadSec (RADIUS over TLS) rather than only using RADIUS connections.
OnGuard support for macOS Catalina (10.15)
Why is this interesting? This release officially adds OnGuard support for the Catalina release of macOS. Catalina now requires all programs to have attestation signing to be able to install when downloaded from a web browser. This update allows customers to download and install OnGuard agents directly from web browsers without errors.
Support for wired Evil Twin detection
Why is this interesting? Aruba controllers already prevent a cloned system from appearing on a network more than once, but wired networks are the new point of attack. Inserting an unmanaged switch/hub into the network would allow attackers to clone an existing computer (IP address, MAC address, user agent, etc.). Endpoints using OnGuard are able to interact with ClearPass to indicate whether a system has an Evil Twin. ClearPass can then notify the last managed port to quarantine the system and/or alert administrators.
List available posture updates
Why is this interesting? OnGuard customers are now able to list out all supported information for Windows Hotfix Updates (by KBID) and Posture Signature Updates (by AV definition version, date, and/or signature).
As always, please take note of the ‘Changes of Behaviors’ section of the release notes (https://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.8.3/Default.htm).
The update images have been posted to the support site (Aruba Support site) and the software updates portal. Posting to MNP and ASP will complete shortly.
A big thanks and congratulations to the ClearPass Engineering, ClearPass QA and TechPubs teams for reaching this milestone!