Security

 View Only
  • 1.  OnGuard over third party VPN

    Posted Jul 16, 2024 04:29 AM

    HI there.  I've got a basic OnGuard policy which checks for the latest Windows version and the presence of a couple of security products.  Management now want me to push it out to laptop users who often connect in from home via our Fortinet Forticlient VPN solution.  I installed OnGuard on a test laptop and gave it a try but it does not connect back to the server once Forticlient establishes its link.

    I'm not doing any authentication or looking at the Fortinet VPN in any way, I just want the basics checked.  I can't find anything in the very brief online configuration guides and a search through the posts here hasn't helped either.  I've installed the non VIA client and was hoping all it needed was to be able to reach the server to report back but it looks like something is wrong.  Any ideas?



  • 2.  RE: OnGuard over third party VPN

    Posted Jul 16, 2024 05:27 AM

    Please have a look in your OnGuard Settings -> Policy Manager Zones:

    There make sure the client subnet is included (or extend to the VPN IP-pool, or even 0.0.0.0/0 if that's possible), and the ClearPass Server IPs or FQDN are reachable over the VPN.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: OnGuard over third party VPN

    Posted Jul 16, 2024 07:44 AM

    Thanks for that Herman.  When connected to the VPN I can definitely ping the Clearpass servers.  I have created a new zone in the zone manager area called Forticlient VPN and I added the subnet that is used for all the VPN clients.  However, I can't add the IP's of the actual Clearpass servers.  That box is greyed out for some reason.  The default zone has the IP ranges of the test area on site here and it's working fine and has the server IPs in it.  How do I get the server IP's in all the zones I create?  The documentation just says enter the IP's in those boxes.




  • 4.  RE: OnGuard over third party VPN

    Posted Jul 17, 2024 05:51 AM

    Is the Override Server IPs also greyed out? I'd put the IPs or (even better) FQDN in there...



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 5.  RE: OnGuard over third party VPN

    Posted Jul 17, 2024 06:37 AM

    That seems to have worked.  I still don't know why the actual server box is greyed out but I'm happy it's up and running.  Thanks.