Hi
Do you have the enforcement configured to deny access based on this condition:
(Authorization:[Endpoints Repository]:Conflict EQUALS true)
If this doesn't work try to change the Endpoint DB cache to 0.
I have the solution working with the setting above. Also remember to have the conflict detection rule first in the Enforcement policy
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Jul 08, 2024 07:24 AM
From: amr.ragab@linux-plus.com
Subject: CLearpass Preventing Mac Spoofing!
Hello all
I have an issue related to Mac spoofing I tried many things to prevent it but the same problem exists.
we using CPPM ver 6.10.4, using Mac auth-service for APs (enabling authorized-profiling), configured a conflict trigger in policy too, and reduced endpoint DB time for the cache to 5 seconds, CPPM could profile good but when spoofing on AP's Mac and use it through my laptop I find the laptop authenticated with AP profile!! and conflict trigger doesn't work as CPPM didn't catch it to deny. I just found an alert for conflict in endpoint DB.
how can I make CPPM prevent Spoofing?