Security

last person joined: 19 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

CPPM Endpoint profiled then not profiled

This thread has been viewed 12 times

  • 1.  CPPM Endpoint profiled then not profiled

    Posted Nov 09, 2015 10:29 PM

    Hi,

     

    We brought a new CPPM server online in one of our remote offices and joined it to the existing cluster.

     

    Since then I have been having some strange issues with the Endpoints DB.

    I have one endpoint in particular that keeps switching between being profiled and not profiled.

     

    It seems that after a successful machine authentication, it is profiled, the next time it performs machine authentication, it then becomes not profiled. I am not doing anything that would change this status in the enforcement profiles.

     

    Has anyone seen this behavior before?

     

    On a side note, for the IP helper addresses that we configure to help with DHCP finger printing, should we be targetting the publisher? Or the subscriber in each remote location?

     

    Thank you,

     

    Cheers

     



  • 2.  RE: CPPM Endpoint profiled then not profiled

    Posted Nov 09, 2015 10:47 PM
    What version are you running ?

    You should have all the CPPMs IP address as DHCP relays


  • 3.  RE: CPPM Endpoint profiled then not profiled

    Posted Nov 09, 2015 10:55 PM

    So for each subnet we should configure each CPPM as a dhcp relay in every location? I didn't know that!

    Thank you. I will configure that in the morning.

     

    As for the verison. We are running 6.5.4.76733 across all 3 CPPM servers.



  • 4.  RE: CPPM Endpoint profiled then not profiled

    Posted Nov 10, 2015 08:50 AM

    What is the reason for listing all servers as helpers? Redundancy or some other advantage in doing it?



  • 5.  RE: CPPM Endpoint profiled then not profiled

    EMPLOYEE
    Posted Nov 10, 2015 08:53 AM

    Honestly, you should only need to point to a single CPPM instance with profiler running.



  • 6.  RE: CPPM Endpoint profiled then not profiled

    Posted Nov 10, 2015 09:16 AM

    What would be the best CPPM to point the IP helper address to?

     

    I was thinking that the issue with endpoint becoming unprofiled was because the Subscriber was learning the finger print and profiling the device and when the publisher did the sync it was overwriting it. But perhaps that is not the case.



  • 7.  RE: CPPM Endpoint profiled then not profiled

    EMPLOYEE
    Posted Nov 10, 2015 09:20 AM

    The server that has the following enabled:

    profiler.png



  • 8.  RE: CPPM Endpoint profiled then not profiled
    Best Answer

    Posted Nov 10, 2015 10:52 AM

    I have confirmed that all three of the CPPM servers in the cluster have this feature enabled.

     

    Is there anything else that could cause this behavior?

     

    Is the process of profiling logged by the CPPM somewhere that I could maybe look at?



  • 9.  RE: CPPM Endpoint profiled then not profiled

    Posted Dec 26, 2015 05:28 AM

    no direct experience with this issue, but if you don't want to involve TAC (which could also be route of course) then you could try turning it off on two of them do determine if that perhaps helps.



  • 10.  RE: CPPM Endpoint profiled then not profiled

    Posted Jun 11, 2019 03:49 AM

    Hi all,

    I encountered at 1 of the environment, the last time all the devices was profiled 2 years back. But all or most of the device is still online. Does the profiling occur everyday, or is just a one-time action?

    Please advise
    Thank You
    Peter