How to deny client device access to ClearPass management portal

MVP Expert
Requirement:

From a security perspective, how can client devices be restricted from accessing the ClearPass management portal page?



Solution:

From ClearPass 6.3.x onwards, a new feature named "Access Control List Configuration" was added. Using this ACL, we can allow or deny access to ClearPass applications from specific subnet(s).



Configuration:

To configure the application access control ACL, navigate to CPPM > Administration > Server manager > Server configuration > Select the server > Network tab > click on Restrict Access.

Here we can select the specific application to which access needs to be restricted:

Then, based on the required logic, allow or deny access from specific subnet(s).



Verification

After configuring the application access control for guest (deny access to the Guest management login), we can see that the access is blocked.

The application access control can be reset from the ClearPass CLI if access to Policy Manager is locked due to misconfiguration. SSH to the ClearPass server as the "appadmin" user and execute the command below to reset the application access control.

# system apps-access-reset
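
To avoid needing that reset, a proposed set of rules can be checked against the administrators' own source addresses before it is saved. The following is an added example, not ClearPass code or output: the subnets and workstation addresses are constructed, and it assumes that an "allow" rule permits only the listed subnets while a "deny" rule blocks only the listed subnets.

```python
import ipaddress


def is_permitted(client_ip, mode, networks):
    """Return True if client_ip could reach the application under the rule.

    Assumed semantics (not taken from ClearPass itself): "allow" permits only
    the listed subnets; "deny" blocks only the listed subnets.
    """
    ip = ipaddress.ip_address(client_ip)
    # strict=False tolerates entries written with host bits set (10.10.50.1/24).
    listed = any(ip in ipaddress.ip_network(n, strict=False) for n in networks)
    if mode == "allow":
        return listed
    if mode == "deny":
        return not listed
    raise ValueError(f"unknown mode: {mode!r}")


def lockout_report(rules, admin_ips):
    """Map each application to the admin source IPs the rule would block."""
    report = {}
    for app, (mode, networks) in rules.items():
        blocked = [ip for ip in admin_ips if not is_permitted(ip, mode, networks)]
        if blocked:
            report[app] = blocked
    return report


# Constructed sample data: proposed rules per application and the addresses
# administrators connect from. None of these values come from the article.
PROPOSED_RULES = {
    "Policy Manager": ("allow", ["10.10.50.0/24"]),
    "Guest": ("deny", ["192.168.100.0/22", "172.16.0.0/16"]),
}
ADMIN_WORKSTATIONS = ["10.10.50.21", "10.10.51.7"]

if __name__ == "__main__":
    for app, blocked in lockout_report(PROPOSED_RULES, ADMIN_WORKSTATIONS).items():
        print(f"{app}: would block admin source(s) {', '.join(blocked)}")
```

An empty report means every listed administrator address still reaches every application under the proposed rules.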

 

 

Version history
Revision #:
2 of 2
Last update:
‎06-27-2019 12:03 PM