Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

SQL filter query missing on 6.10.8 and 6.11.0

This thread has been viewed 46 times
  • 1.  SQL filter query missing on 6.10.8 and 6.11.0

    Posted Jan 20, 2023 09:34 AM
    Hi all,

    after updating CPPM to 6.10.8 or 6.11.0 we can no longer edit our SQL filter queries in authentication sources.

    This is how it looked before the update:


    And this is how it looks after the update / upgrade:


    We have customers with modified queries that can not edit those anymore. Is this a known bug and is it going to be fixed?
    Because I did not find anything about it in the Release Notes that indicates that this was a conscious change.

    ------------------------------
    Thanks,
    Bjarne
    ------------------------------


  • 2.  RE: SQL filter query missing on 6.10.8 and 6.11.0

    Posted Jan 20, 2023 09:49 AM
    Hi Bjarne

    I think I have read something that you will not be able to edit default objects like [Time Source] from version 6.11.0. But can't find the text right now.
    Have verified your observations and I can edit the filter on 6.10.7, but not on 6.10.8 or 6.11.0.

    It's not possible to copy the default [Time Source] either...

    I hope a fix will be released as some of my customers also have edited time sources. 

    A ticket to Aruba TAC may be a good idea in this case.

    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP 2023, ACCX #1335, ACMP, ACDP, ACP-Network Security, ACEP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 3.  RE: SQL filter query missing on 6.10.8 and 6.11.0

    EMPLOYEE
    Posted Jan 26, 2023 06:30 AM
    It's by design that you can't edit/view/copy the filters for the default authentication sources (the ones between [brackets]) starting with ClearPass 6.11.0.
    As a best practice, you should never change default profiles and always create and use your own modified version.

    The risk with changing [default profiles] in most products, is that on an upgrade the new defaults will be applied and your changes are lost.

    If you don't like the new behavior, please open an Innovation Zone request, and/or work with your local Aruba SE to get this raised; but as mentioned this change was implemented intentionally.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 4.  RE: SQL filter query missing on 6.10.8 and 6.11.0

    Posted Jan 26, 2023 06:53 AM
    Thanks for the clear answer.

    I have a customer that ahs edited the [Time Source] query to include more different time ranges. For example they have added "three months". 
    Now we can't edit the filter and we can't copy it to make the changes. 

    Do you have an idea how we can implement that with 6.11?

    Edit: 
    OK, we can just add another filter to the default source, we can just not edit the pre defined. So we can recreate the exact filter and then add the custom queries to it. 

    ------------------------------
    Thanks,
    Bjarne
    ------------------------------



  • 5.  RE: SQL filter query missing on 6.10.8 and 6.11.0

    EMPLOYEE
    Posted Jan 26, 2023 12:11 PM
    Correct, glad you found it.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 6.  RE: SQL filter query missing on 6.10.8 and 6.11.0

    Posted Jan 20, 2023 12:48 PM
    Hi Bjarne,

    you can't edit the existing filters in Authentication Sources - that we all find very bad, of course.
    But we can add our own filters. This is suboptimal, but can be used as a workaround.



    Regards,

    Waldemar
    ACCX # 1377, ACEP, ACA - Network Security

    ------------------------------
    Regards,

    Waldemar
    ACCX # 1377, ACEP, ACA - Network Security
    ------------------------------