Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Modifying IP address for ClearPass in Azure

This thread has been viewed 27 times
  • 1.  Modifying IP address for ClearPass in Azure

    Posted May 06, 2024 01:15 AM

    I am migrating ClearPass in Azure from 6.10 to 6.11, and I want to keep the same IP Address. I am testing the procedure in a lab stup.

    As per documentation, IP address is managed by Azure, so I modified the IP address for mgmt NIC to static and set it to the required IP address (I modified also the IP address for old ClearPass to avoid conflict).

    When I start ClearPass after modifying IP address, all service stop and never starts. Any idea if this is common behavior? What is the solution for this?

    What is the best approach to upgrade Azure deployment from 6.10 to 6.11 while keeping the same IP address?



  • 2.  RE: Modifying IP address for ClearPass in Azure

    EMPLOYEE
    Posted May 06, 2024 10:36 AM

    If I'm remembering correctly, setting a static IP address within ClearPass, when operating as a VM in Azure, doesn't work as expected and shouldn't be used.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 3.  RE: Modifying IP address for ClearPass in Azure

    Posted May 06, 2024 10:45 AM

    I am setting the static IP address in Azure, not ClearPass. ClearPass server gets its IP address from Azure VNET and Subnet settings




  • 4.  RE: Modifying IP address for ClearPass in Azure

    EMPLOYEE
    Posted May 06, 2024 10:56 AM

    Good to hear, wasn't entirely clear from your post and some users have made that mistake.

    You can open a case with TAC but I'm seeing indications that changing the IP address of a ClearPass VM in Azure just doesn't work.  I've not played with Azure enough to know for certain, but when you're "setting the static IP address in Azure", does that mean setting a specific IP address on the vNIC?  Or are you just creating a DHCP reservation for the VM?



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 5.  RE: Modifying IP address for ClearPass in Azure

    Posted May 06, 2024 11:02 AM

    I set it statically by following the process below. It seems to be working, but when I modify the static IP address in Azure all serveries stop. I tried reloading the VM with no improvement. 

    I am wondering if there is any trick or procedure to modify  ClearPass IP address in Azure.

    I'll open a ticket with TAC. Thanks 

    Create a VM with a static private IP address - Azure portal

    Microsoft remove preview
    Create a VM with a static private IP address - Azure portal
    Learn how to create a virtual machine with a static private IP address using the Azure portal.
    View this on Microsoft >




  • 6.  RE: Modifying IP address for ClearPass in Azure

    EMPLOYEE
    Posted May 06, 2024 11:09 AM

    I have a feeling that just isn't going to work.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 7.  RE: Modifying IP address for ClearPass in Azure

    Posted Jul 22, 2024 03:27 AM

    Hello, we are having this exact issue.. Did you get it resolved?

    Thanks




  • 8.  RE: Modifying IP address for ClearPass in Azure

    Posted Aug 04, 2024 08:20 PM

    I am running into this situation as well.   

    The second I change the Azure IP, the services fail to start.    If I set it back to the original IP, everything works as expected.

    TAC said it is not possible to change the IP, and has bug ID CP-51022

    They also said that setting static IPs in Azure is not supported (even though it works).    I'm assuming that caveat is tied to whatever the root cause of the bug Id is.

    What are the options for this migration of 6.10 to 6.11?   I believe I can make it work by shutting down the original VM and spinning up a fresh install using the same static IP from the beginning.     As long as the instance is built from scratch with that IP, I'm pretty sure it will be fine.     While it will work, it requires a static IP which Aruba says is NOT supported.

    (It also appears that Azure does not have a way to reserve DHCP addresses.   I was thinking of creating an IP reservation and change the associated mac address)