Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Aruba and Checkpoint ID Awareness - possible to send user info from Aruba?

This thread has been viewed 1 times

  • 1.  Aruba and Checkpoint ID Awareness - possible to send user info from Aruba?

    Posted Jun 29, 2014 03:09 AM

    is it possible to have radius accounting info sent to our Checkpoint firewalls so we can enforce username based poicies?

     

    We are currently using Clearpass to facilitate BYOD and are using .1x for authentication.  We need to be able to enforce the same user based FW policies to personal devices as we do corp, but as we arent seeing username ID on our firewalls, we cant.

     

    Is it possibe?  Our onnly alternative is to seperate BYOD devices and Corp onto their own subnets, rahter than simply controlling access via user roles, but isnt this a somewhat outdated approach?

     

     

     



  • 2.  RE: Aruba and Checkpoint ID Awareness - possible to send user info from Aruba?
    Best Answer

    EMPLOYEE
    Posted Jun 29, 2014 03:38 AM

    As of today you can not proxy accounting from clearpass. There currently is a feature request in for it.

     

    I have not tested it, but in the early deployment code in AOS you can send accounting to mulitiple devices.

     

    Screen Shot 2014-06-29 at 2.34.18 AM.png



  • 3.  RE: Aruba and Checkpoint ID Awareness - possible to send user info from Aruba?

    Posted Jun 29, 2014 06:43 AM

    Cheers for that...

     

    So looks like I will have to revert to network segmentation.. not the end of the world I suppose, just not as neat as usuing user roles to control access...