Regular Contributor II

ClearPass - Management and Data ports

Hello,

 

CPPM 6.8.5

 

We currently only have a Management Port configured on our ClearPass boxes (we have a cluster of 4). But we now want to separate management traffic out, primarily so we can put it through a firewall. We don't wish to firewall any other traffic at this stage. I've read in various other posts that you don't generally recommend using both a Management and Data port, but what would you recommend if we want to firewall management traffic?

 

Thanks,

 

Guy

MVP Expert

Re: ClearPass - Management and Data ports

What is the purpose of separating management and having it policed via your firewall?

You could define the networks you want to allow management access from in each ClearPass node.

To separate the traffic and use both ports, you will need to configure static routing on each box to make this happen.

Take a look at the ClearPass routing technote:
https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_ViewDetails/Default.aspx?EntryId=14011



Pardon typos sent from Mobile
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Regular Contributor II

Re: ClearPass - Management and Data ports

Thanks for this.

 

They want to filter traffic before it ever touches the boxes. But having spoken to the FW engineer, it seems as though he is happy to put all the traffic through the FW (management and auths etc.) and do the filtering based on port numbers, so setting up a separate data port isn't a requirement after all, it seems.
