Is the Override Server IPs also greyed out? I'd put the IPs or (even better) FQDN in there...
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jul 16, 2024 07:43 AM
From: Kenny_10_Bellys
Subject: OnGuard over third party VPN
Thanks for that Herman. When connected to the VPN I can definitely ping the Clearpass servers. I have created a new zone in the zone manager area called Forticlient VPN and I added the subnet that is used for all the VPN clients. However, I can't add the IP's of the actual Clearpass servers. That box is greyed out for some reason. The default zone has the IP ranges of the test area on site here and it's working fine and has the server IPs in it. How do I get the server IP's in all the zones I create? The documentation just says enter the IP's in those boxes.
Original Message:
Sent: Jul 16, 2024 05:27 AM
From: Herman Robers
Subject: OnGuard over third party VPN
Please have a look in your OnGuard Settings -> Policy Manager Zones:
There make sure the client subnet is included (or extend to the VPN IP-pool, or even 0.0.0.0/0 if that's possible), and the ClearPass Server IPs or FQDN are reachable over the VPN.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Jul 16, 2024 04:28 AM
From: Kenny_10_Bellys
Subject: OnGuard over third party VPN
HI there. I've got a basic OnGuard policy which checks for the latest Windows version and the presence of a couple of security products. Management now want me to push it out to laptop users who often connect in from home via our Fortinet Forticlient VPN solution. I installed OnGuard on a test laptop and gave it a try but it does not connect back to the server once Forticlient establishes its link.
I'm not doing any authentication or looking at the Fortinet VPN in any way, I just want the basics checked. I can't find anything in the very brief online configuration guides and a search through the posts here hasn't helped either. I've installed the non VIA client and was hoping all it needed was to be able to reach the server to report back but it looks like something is wrong. Any ideas?