Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Applying different Posture Policies

  • 1.  Applying different Posture Policies

    Posted Jul 23, 2015 07:58 AM

     

    Hi,

     

    I want to apply different posture policies depending upon the user coming in with the asset.

    For example: If an employee is coming with a corporate laptop, I want to assign one type of posture policy. If the employee is coming with a personal asset, I want to assign a different posture policy.

    (Employee with Corporate asset = Posture policy A

    Employee with personal asset = Posture policy B)

    I am able to differentiate the employee with a corporate asset from one with a personal asset, but how can I assign a suitable posture policy depending upon the asset if I am able to identify the user asset?

    Kindly help.

     

    Regards,

    PRASANTH.



  • 2.  RE: Applying different Posture Policies
    Best Answer

    EMPLOYEE
    Posted Jul 23, 2015 08:01 AM
    When you configure posture policies, you can lock them to roles. So do a role mapping for corporate vs personal and then add the appropriate role to the posture policy.


    Thanks,
    Tim


  • 3.  RE: Applying different Posture Policies

    Posted Jul 23, 2015 08:09 AM

    Hi,

     

    If I map the employee role with corporate asset or personal asset to apply the posture service, then I need to create two OnGuard WebAuth services, right?



  • 4.  RE: Applying different Posture Policies

    EMPLOYEE
    Posted Jul 23, 2015 08:13 AM
    No, you can use the same service. Just use the role info in your enforcement rules.


    Thanks,
    Tim


  • 5.  RE: Applying different Posture Policies

    Posted Jul 23, 2015 08:18 AM

    Hi,

     

    But we will apply the posture policy depending upon the role; after applying the posture policy I am sending the enforcement, right? So how can I differentiate the posture policies?

     

    Thanks,

    PRASANTH.



  • 6.  RE: Applying different Posture Policies

    EMPLOYEE
    Posted Jul 23, 2015 08:20 AM
    Use the same roles in your policy to differentiate.


    Thanks,
    Tim


  • 7.  RE: Applying different Posture Policies

    Posted Apr 17, 2018 04:03 PM

    Hi, I'm trying to restrict the posture policy to roles so I can differentiate internal from external users and apply different postures to them, but I always get Unknown as the posture result as soon as I configure the restrict by roles part.

     

    One connection example would be:

     

    A user with the role mgs-preventa connects to the network and always gets the Unknown result when the restrict by roles part has the msg-preventa configured (image attached). If I remove the role from that part, the user connects and gets a healthy or unhealthy posture result.

     

    Do you have any idea why this is happening?

     

    My ClearPass version is 6.6.0



  • 8.  RE: Applying different Posture Policies

    Posted Apr 17, 2018 04:34 PM
    Can you please explain a bit more what type of enforcement you are trying
    to apply to each role?


  • 9.  RE: Applying different Posture Policies

    Posted Apr 17, 2018 04:45 PM
    Hi, after the posture check I'm applying RADIUS enforcement profiles, which are working fine even when I get the Unknown posture status.

    My issue arises when I try to restrict different posture policies to certain roles so I'm applying different posture policies to different users/devices. Note: I do have a role mapping that is working as expected.



    Ulises Cázares / Ingeniero de Preventa


  • 10.  RE: Applying different Posture Policies

    Posted Jun 18, 2019 02:29 PM

    The posture plugins must be configured, no?

    And also the rules we must specify: if all SHVs pass -> token=healthy

    if one or more SHVs do not pass -> token=quarantine (for example)

     

    It will stay unknown forever if we don't configure those, right?



  • 11.  RE: Applying different Posture Policies

    Posted Jan 27, 2021 10:10 AM
    Did you ever find the solution? I'm having the same problem.
    Thanks in advance

    ------------------------------
    Elizabeth Martínez
    ------------------------------



  • 12.  RE: Applying different Posture Policies

    EMPLOYEE
    Posted Jan 28, 2021 08:48 AM
    This is an old thread. Please open a new one and share more specifically what you have already and where the exact issue is, or reach out to Aruba Support as they probably can quickly have a look at your configuration and fix it.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------