  • 1.  Policy Cache Result Timeout Value

    Posted Jan 24, 2024 04:02 AM

    Hello experts,

    I am very new to ClearPass and trying to understand what exactly this setting under cluster-wide parameters does and the impact of changing the value.

    Let's say ClearPass authenticated an endpoint, received a token from the agent, and the cache timeout is 5 mins. Does this mean any reauthentication within these 5 minutes will tell ClearPass to just use the cache? As in, it trusts whatever its cache had from 5 mins ago for the endpoint and kind of does not do anything? But beyond 5 minutes ClearPass will have to reassess this endpoint, as in really use its policy engine to authenticate, map role, etc.?



    ------------------------------
    Thank you for your time,

    JiaWei
    ------------------------------


  • 2.  RE: Policy Cache Result Timeout Value

    Posted Jan 26, 2024 10:08 AM

    Yes, that is how I understand it also.

    You do need an option turned on to make it work; see the documentation for it.

    https://www.arubanetworks.com/techdocs/ClearPass/6.6/PolicyManager/Content/CPPM_UserGuide/Admin/ServerConfig_clusterwideparams.htm

    Specify the duration allowed in minutes to store the role mapping and posture results derived by the policy engine during a policy evaluation.

    This result can then be used in subsequent evaluation of policies associated with a service, if the Use cached Roles and Posture attributes from previous sessions option is turned on for the service.




  • 3.  RE: Policy Cache Result Timeout Value

    Posted Jan 30, 2024 06:41 PM

    Hi boneyard,

    Thanks for your reply.