Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

CPPM OnGuard thru Wired

  • 1.  CPPM OnGuard thru Wired

    Posted Mar 06, 2018 05:53 PM
    Hi to all,

    I'm simulating CPPM OnGuard in my lab. My objective is to do a Health Check on endpoints without placing them on a lobby/quarantine VLAN, since the workstations are on static IPs. I'm replicating the client's network environment.

    Is it possible to enforce an "initial role" when a PC's health status is non-compliant/unknown and have only limited access, still on the same VLAN, then enforce "full access" once the status is healthy? Again, without changing the VLAN.

    TIA :)





  • 2.  RE: CPPM OnGuard thru Wired

    Posted Mar 06, 2018 06:32 PM
    What type of switch are you using?



    Thank you

    Victor Fabian

    Pardon typos sent from Mobile


  • 3.  RE: CPPM OnGuard thru Wired

    Posted Mar 07, 2018 05:29 AM
    I'm using an HP 1920, capable of 802.1X.


  • 4.  RE: CPPM OnGuard thru Wired

    EMPLOYEE
    Posted Mar 08, 2018 05:11 AM

    You can use the Posture status to return the appropriate role (or ACLs) if the status is UNKNOWN.

     

    Please very carefully test what access you need in that posture unknown state, as applications can be starting up already and may throw errors if they can't reach their servers before OnGuard has made the posture check, posted results and access has been restored.

     

    For that reason, some customers decide to consider clients healthy until they get an infected (or other status) message. Limit on UNKNOWN is the most secure of course.