Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass OnGuard Agent and Antivirus Disabled

  • 1.  ClearPass OnGuard Agent and Antivirus Disabled

    Posted May 28, 2014 05:14 PM

    Hi,

    I am new to ClearPass and am facing a few issues. I configured the ClearPass Posture settings to check the health of the system and am facing the following issues.

    1. Once we disable the antivirus on the system, the Agent still shows the system as healthy until we uninstall the antivirus. Kindly let me know how to make the agent check whether the antivirus is disabled or enabled.

    2. In ClearPass 6.3, I am not able to find the Agent Portal to let users download the Agent if they don't have it. How do I solve this Agent Portal issue, and what will be the URL for the Agent Portal in 6.3?

    3. I am trying to url-redirect with a Cisco switch, but Cisco is not passing the URL to the system. How do I troubleshoot and solve it?

    Regards,

    Atif.



  • 2.  RE: ClearPass OnGuard Agent and Antivirus Disabled

    Posted May 28, 2014 05:50 PM

    1. Once we disable the antivirus on the system, the Agent still shows the system as healthy until we uninstall the antivirus. Kindly let me know how to make the agent check whether the antivirus is disabled or enabled.

    Enable this:

    [Attached screenshot: Untitled.png]

    2. In ClearPass 6.3, I am not able to find the Agent Portal to let users download the Agent if they don't have it. How do I solve this Agent Portal issue, and what will be the URL for the Agent Portal in 6.3?

    [Attached screenshot: 2014-05-28 17_46_21-ClearPass Policy Manager - Aruba Networks.png]

    3. I am trying to url-redirect with a Cisco switch, but Cisco is not passing the URL to the system. How do I troubleshoot and solve it?

    How are you applying this in the enforcement profile?

    In the enforcement profile you should do the following:

    url-redirect=https://redirect_url

    ip access-list extended Onguard_ACL
     deny   tcp any host <CPPM IP>
     permit tcp any any

     

     



  • 3.  RE: ClearPass OnGuard Agent and Antivirus Disabled

    EMPLOYEE
    Posted May 29, 2014 08:00 AM

    Like Victor said above, we show you links to the agent with URLs on that page. You can simply create an HTML page on ClearPass or elsewhere and use these links to download the agent.



  • 4.  RE: ClearPass OnGuard Agent and Antivirus Disabled

    Posted May 29, 2014 05:32 PM
    Thanks to both of you for your help. I was able to solve my first two issues.
    For the 3rd issue, I saw one post in which the user solved the issue by upgrading Cisco IOS to 15.5; I have IOS 15.0. I am trying to upgrade it and will check. Also, I am seeing the URL in the output of the command "show authentication session interface", but somehow it is not being passed to the system.

    I have one more query:
    Is there a possibility to trigger a recheck of the system's health by the OnGuard agent in real time? That is, once we disable the antivirus, OnGuard should check health on the spot and put the system in the Quarantine VLAN. In my case, the agent rechecks health almost one minute after the antivirus is disabled.

    Regards,
    Atif.


  • 5.  RE: ClearPass OnGuard Agent and Antivirus Disabled

    EMPLOYEE
    Posted May 29, 2014 06:11 PM
    You would create a rule in your OnGuard Web Auth service that does a CoA if the client's health status is UNHEALTHY or UNKNOWN. Then you would create a rule in your client authentication service that checks for the UNHEALTHY or UNKNOWN status and assigns a quarantine configuration/VLAN.

    Sent from Surface Pro


  • 6.  RE: ClearPass OnGuard Agent and Antivirus Disabled

    Posted May 29, 2014 06:28 PM
    I have already configured both services as you suggested and I have no issue with that. My issue is with the time the agent takes to re-evaluate the system health. Is it possible to decrease it to make it real time, so that as we change a system setting the OnGuard agent re-evaluates it on the spot and makes a decision according to policy, rather than delaying re-evaluation for one minute?