Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

* Automatic download and install is disabled

This thread has been viewed 25 times

  • 1.  * Automatic download and install is disabled

    Posted Jan 08, 2018 04:32 PM

    Hi Everyone, 

    I recently upgraded to my cppm cluster to 6.7.0 and have had all the licences converted and added in . I also have added in my HPE passport credentials.

     

    The problem i appear to be having is under Posture & Profile Data Updates, posture, windows hotfixes and endpoint staus is " needs update"

     

    I notice just underneath there is an asterix that states * Automatic download and install is disabled.

     

    Is there a way to turn auto download on , or do I have to manually update by clicking on the import updates button ?Capture.PNG

     

     

     



  • 2.  RE: * Automatic download and install is disabled
    Best Answer

    EMPLOYEE
    Posted Jan 08, 2018 04:34 PM

    From the release notes:

     

    "Customers who use OnGuard or who use endpoint profiling must explicitly enable two new cluster-wide parameters in order to continue receiving automatic updates, even if they received automatic OnGuard or profiling updates prior to the 6.7.0 release."

     

    http://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.7.0/Default.htm#WhatsNew/ImportantChanges.htm

     



  • 3.  RE: * Automatic download and install is disabled

    Posted Apr 18, 2018 10:12 AM

    This is not entirely true. You need to change your clusterwide options to allow it per this link

     

    http://www.arubanetworks.com/techdocs/ClearPass/6.7/PolicyManager/index.htm#CPPM_UserGuide/Admin/Software_Updates.htm#top

     

    NOTE: In a ClearPass cluster, the Import Updates option is available on the Publisher node only.
    By default, updates for Posture Signature, Windows Hotfixes, and Endpoint Profile Fingerprints are not automatically downloaded and installed. To set these updates to be automatic, you must set the following Cluster-Wide Parameters to TRUE:
    * Automatically download Posture Signature and Windows Hotfixes Updates
    * Automatically download Endpoint Profile Fingerprints
    For details, refer to General Parameters .



  • 4.  RE: * Automatic download and install is disabled

    EMPLOYEE
    Posted Apr 18, 2018 10:58 AM
    Sorry, what’s not true?


  • 5.  RE: * Automatic download and install is disabled

    Posted Apr 18, 2018 11:11 AM

    That you only need to create that enforcement profile. In fact, it had actually zero bearing on enabling the auto updates for software. 



  • 6.  RE: * Automatic download and install is disabled

    Posted Apr 18, 2018 11:16 AM

    Let me rephrase, the quote that you posted applies to OnGuard, which while there is an enforcement profile that needs to be created, it does not apply to the OPs question about the actual software updates and the answer to that question is in the link I posted about the actual cluster wide options that need to be changed. 

    @Jeff.Hwrote:

    That you only need to create that enforcement profile. In fact, it had actually zero bearing on enabling the auto updates for software. 

     



  • 7.  RE: * Automatic download and install is disabled

    EMPLOYEE
    Posted Jun 10, 2019 11:50 AM

    As a follow up for those that need it, Cluster-Wide Parameters can be found under:

    Administration > Server Manager > Server Configuration

    Then click the second link in the upper right for Cluser-Wide Parameters

    General tab, config options lines 7 & 8.