View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Endpoint catagory changed?

This thread has been viewed 11 times
  • 1.  Endpoint catagory changed?

    Posted Feb 01, 2023 06:25 AM

    We had a bad morning today when we saw that all computers in the network (about 3500 computers) changed their category to VoIP devices During the night and early hours in the morning. It caused the computers to receive a different Vlan/network.

    We found that the "Endpoint Profiler Fingerprints " updated yesterday at 13:00pm, does it relate?

    It's not the first time it happens. when we ran CPPM a few months after we've implemented it back in 2018, All cisco routers in our network changed their category to VoIP devices.  

    What is wrong here?
    Thank you,

  • 2.  RE: Endpoint catagory changed?

    Posted Feb 03, 2023 07:05 AM
    What version of ClearPass are you running?

    Also what is your cleanup period ?

    Before 6.10 cleanup worked based upon date endpoint first seen

    After and including 6.10.x cleanup i n days after last seen - a much better idea

    So your entries may have been removed from endpoint db by housekeeping and then recategorised

    Also a few years there was an Arub hiccup /push of endpoint data. that really screwed up our whole estates worth of endpoint descriptions

    … and another one that changed all Amazon fingerprints devices to Android


  • 3.  RE: Endpoint catagory changed?

    Posted Feb 04, 2023 11:42 PM

    Version is :
    Cleaning period : Default settings

    I don't think that the endpoint was removed from the DB and then recategorized.
    Anyway, its working fine now and i hope it will not happen again.


    Contact me:
    Mobile : +972-58-7590782
    Blog : Miata - A way of life :