How to deny client device access to ClearPass management portal
From a security perspective, how can client devices be restricted from accessing the ClearPass management portal page?
From ClearPass 6.3.x onwards, a new feature named "Access Control List Configuration" was added. Using this ACL, we can allow or deny access to ClearPass applications from specific subnets.
In order to configure the Application access control ACL, please navigate to CPPM > Administration > Server manager > Server configuration > Select the server > Network tab > click on Restrict Access
Here we can select the specific application to which access should be restricted.
Then, based on the logic required, allow or deny access from one or more specific subnets.
After configuring application access control for Guest (denying access to the Guest management login), we can see that access is blocked.
The application access control can be reset from the ClearPass CLI if access to Policy Manager is locked due to misconfiguration. SSH to the ClearPass server as the "appadmin" user and execute the command below to reset the application access control.
# system apps-access-reset
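To avoid needing that reset, a planned rule can be checked offline before it is entered under Restrict Access. The following is an added example, not part of the original article or of ClearPass itself. The function names, the sample addresses, and the rule semantics (allow permits only the listed networks, deny blocks only the listed networks) are assumptions.

```python
import ipaddress

def is_permitted(mode, networks, source_ip):
    """Return True if source_ip may reach the application under the rule.

    Assumed semantics (not stated on the page): "allow" permits only the
    listed networks; "deny" blocks the listed networks and permits the rest.
    """
    if mode not in ("allow", "deny"):
        raise ValueError(f"unknown mode: {mode!r}")
    ip = ipaddress.ip_address(source_ip)
    # strict=True rejects entries such as 10.1.20.5/24 (host bits set),
    # a common typo that hides which range was actually intended.
    nets = [ipaddress.ip_network(n, strict=True) for n in networks]
    listed = any(ip.version == n.version and ip in n for n in nets)
    return listed if mode == "allow" else not listed

def review_rule(mode, networks, must_reach, must_not_reach):
    """List every source whose outcome contradicts the intent of the rule."""
    findings = []
    for src in must_reach:
        if not is_permitted(mode, networks, src):
            findings.append(f"LOCKOUT: {src} would lose access")
    for src in must_not_reach:
        if is_permitted(mode, networks, src):
            findings.append(f"EXPOSED: {src} would still have access")
    return findings

if __name__ == "__main__":
    # Constructed sample plan: all addresses are illustrative only.
    admins = ["10.1.20.15", "10.1.21.7"]
    clients = ["172.16.40.23", "192.168.50.101"]
    # Draft 1 lists only one admin subnet, so the second admin is locked out.
    print(review_rule("allow", ["10.1.20.0/24"], admins, clients))
    # Draft 2 covers both admin subnets and keeps the clients out.
    print(review_rule("allow", ["10.1.20.0/23"], admins, clients))
    # Draft 3 denies one client subnet only; the other client still gets in.
    print(review_rule("deny", ["172.16.40.0/24"], admins, clients))
```

An empty result means every administrator source keeps access and every client source is blocked under the assumed semantics.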