When configuring the SSID, on the Access tab, I have it set to "Unrestricted".
I am passing roles back from the ClearPass that match roles that are defined in my IAP cluster. I have essentially mimicked our controller environment on the IAP.
I don't want to freely allow all traffic to flow to our wireless clients. I want to take advantage of the firewall on the IAP. The issue that I am running into though is that the rules only appear to work in one direction.
If the client initiates the communication, there isn't a problem. As soon as an outside source (a server, an admin) attempts to reach the client, traffic is getting dropped.
Let's say, for example, that I want our server subnet to be able to freely communicate with a client connected to our IAP cluster, whether the client initiates the communication or the server does. Currently, the client can freely initiate the connection with the server. If the server attempts to reach out to the client, then traffic is dropped by the IAP.
Please correct me if I am wrong, but the firewall rules are not bi-directional.