Will Application Access control configuration be retained on the node while adding to the cluster?
We can configure Application Access Control on each server which could Allow/Deny Applications on ClearPass [like Onguard, Insight, Graphite etc] from certain client subnet by navigating to Administration » Server Manager » Server Configuration » Network as shown below:
Will these configuration be retained after adding the server as Subscriber to a cluster?
When a server is added to a cluster, it's database would be reset and it will start replicating data from the Publisher server as shown below:
INFO - Subscriber node entry added in publisher
INFO - Backup databases for AppPlatform
INFO - Backup databases for PolicyManager
INFO - Stopping services
INFO - Dropped existing databases for Policy Manager >>// Current Database on the server is wiped.
INFO - Create database and schema for Policy Manager
INFO - Local database setup done for Policy Manager databases
INFO - Subscriber password changed
INFO - Syncing up initial data...
INFO - Config database temporarily locked for updates
INFO - xx.xx.xx.xx: - Backup databases for AppPlatform
INFO - xx.xx.xx.xx: - Backup databases for PolicyManager
INFO - Config database lock released
INFO - Subscriber now replicating from publisher xx.xx.xx.xx
INFO - Retaining local node certificate
INFO - Restoring log database...
INFO - Restore started for AppPlatform databases
INFO - Restore complete for AppPlatform databases
INFO - Restore started for PolicyManager databases
INFO - Database size after restore for tipsLogDb: 12 MB
INFO - Restore complete for PolicyManager databases
INFO - Subscriber replication and node setup complete
INFO - Notify publisher that adding subscriber is complete
INFO - Subscriber added successfully
INFO - Restarting Policy Manager admin server
Make subscriber complete. Re-login after sometime
When the database is wiped on the server, it will also clear the Application access control Network rules [Note: It will not replicate the Application Access Control configuration from Publisher as these are server specific].
Server after adding to the cluster:
Hence when we are adding a server to the cluster which has Application Access Control configured it's recommended to manually add those configurations again.
[Note: Backup will not have Application Access configuration]