Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

BYOD Question

  • 1.  BYOD Question

    Posted Feb 26, 2013 09:48 AM

    Looking for input on a specific challenge. We currently have mobile devices connecting to our corporate SSID via PEAP. We also have a TLS environment built; however, many laptops have now been configured for PEAP as well. This makes locking down the PEAP environment to a restricted role or captive portal difficult unless fingerprinting is used, considering there are thousands of laptops deployed that would be affected. We have been deploying Airwatch to all our mobile devices and consider any Airwatch devices trusted. Would there be a way to only allow mobile devices that have been configured with Airwatch on the corporate SSID? I see some integration with Airwatch but it seems difficult to find details on that. If anyone has any experience with that integration, that would be great to hear.

     

    Thanks



  • 2.  RE: BYOD Question

    Posted Mar 04, 2013 06:47 PM

    I don't know much about Airwatch, but if the devices you really trust now are EAP-TLS (rather than PEAP)...

     

    If those same devices are MS OS, why not do a GPO update to them, to convert them to EAP-TLS? Once complete, change the PEAP-authenticated devices by setting a role via a RADIUS-returned attribute?

     

    I'm guessing not all your "really trusted" devices are MS OS? Maybe you thought of this already?



  • 3.  RE: BYOD Question

    EMPLOYEE
    Posted Jul 22, 2013 10:47 PM

    With ClearPass, this is very doable.  We can key off attributes in the TLS cert to add context.  For example, IF TLS Cert value CONTAINS Airwatch, then allow access.