Security

Reply
Highlighted
Aruba

Re: ClearPass Policy Manager 6.8 Releases

Hello All,

 

We are pleased to announce the immediate availability of ClearPass Policy Manager 6.8.1!  In addition to bug fixes, this release also includes several new features that our Engineering and QA team have worked tirelessly to include:

 

Agentless OnGuard Improvements

Why is this interesting? Customers no longer need to copy the checksum values between screens.  The data is now automatically populated unless the customer has opted to manually override this in use cases where they host the files on another server.

 

Agentless OnGuard now officially supports Windows Server Core versions of Windows Server 2012R2 through 2019.  This allows Agentless OnGuard to operate on versions of Windows that do not have a UI.

 

Improved Switch and Router Profiling Support

Why is this interesting? SNMP profiling of NADs is now load-balanced across all nodes in a zone.  This allow for more efficient SNMP profiling.

 

Source IP address and ports are now collected for all NetFlow versions (v1, v5, v6, v7, and v9) and sFlow.  The MAC address is also collected for NetFlow v9/IPFix and sFlow sources if it exists.

 

Expanded Hypervisor Support

Why is this interesting? ClearPass Policy Manager is now approved to run on the Microsoft Hyper-V Server 2019, as well as VMware ESXi 6.7 update 2 hypervisor platforms.

 

Updates to Appliance Names

Why is this interesting? The hardware appliance name changes introduced in Policy Manager 6.7 have made it difficult for some customers to identify the specific appliance model/version.  The names will now include their updated name as well as a hardware indicator.  This allows better identification of appliance hardware.

 

RADIUS Responses are Dropped if Policy Server service is Unresponsive

Why is this interesting? Normally Policy Manager’s RADIUS server will return a REJECT message if the policy server service was unresponsive or crashed.  The RADIUS service will now drop the request without sending a response, allowing NADs to fail over to alternate RADIUS servers easier.

 

ClearPass Device Insight Integration Enablement

Why is this interesting? Customers who are using both ClearPass Policy Manager and ClearPass Device Insight will be able to link the two systems together for better endpoint visibility and reporting. This feature enables the Policy Manager side of the integration but requires the upcoming ClearPass Device Insight 1.0.2 release before being ready for use. Additional content will be made available as we near the Device Insight 1.0.2 release.

 

As always, please take note of the ‘Changes of Behaviors’ section of the release notes (https://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.8.1/Default.htm).

 

The update images have been posted to the support site (Aruba Support site) and the software updates portal.  Posting to MNP and ASP will complete shortly.

 

A big thanks and congratulations to the ClearPass Engineering, ClearPass QA and TechPubs teams for reaching this milestone!

 

Best regards,

The ClearPass Team

Moderator

Re: ClearPass Policy Manager 6.8 Releases

We are pleased to announce the immediate availability of ClearPass Policy Manager 6.8.3!  In addition to bug fixes, this release also includes several new features that our Engineering and QA team have worked tirelessly to include:

 

Certificate Authentication with VMware AirWatch (MDM)

Why is this interesting? VMware AirWatch recently began replacing authentication with tokens in order to use certificate-based authentication.  Policy Manager is now able to interact with AirWatch using certificates rather than tokens for a more secure authentication process.

 

Push backups using NFS

Why is this interesting? Policy Manager now supports pushing backups using NFS.  This allows customers who do not have SCP/SFTP environments available to back up to Microsoft Windows enabled systems.

 

Enhanced Access Tracker filtering

Why is this interesting? Customers can now find Access Tracker records with significantly less searching through long lists of filtered results.  Filtering in the Access Tracker screen now allows the use of additional attributes including posture, authorization, RADIUS, and computed attributes. 

 

MPSK support using RadSec

Why is this interesting? Customers using Aruba’s Multiple Pre-Shared Key (MPSK) to secure their IoT systems can now use RadSec (RADIUS over TLS) rather than only using RADIUS connections.

 

OnGuard support for macOS Catalina (10.15)

Why is this interesting? This release officially adds OnGuard support for the Catalina release of macOS.  Catalina now requires all programs to have attestation signing to be able to install when downloaded from a web browser.  This update allows customers to download and install OnGuard agents directly from web browsers without errors. 

 

Support for wired Evil Twin detection

Why is this interesting? Aruba controllers already prevent a cloned system from appearing on a network more than once, but wired networks are the new point of attack.  Inserting an unmanaged switch/hub into the network would allow attackers to clone an existing computer (IP address, MAC address, user agent, etc.).  Endpoints using OnGuard are able to interact with ClearPass to indicate whether a system has an Evil Twin.  ClearPass can then notify the last managed port to quarantine the system and/or alert administrators.

 

List available posture updates

Why is this interesting? OnGuard customers are now able to list out all supported information for Windows Hotfix Updates (by KBID) and Posture Signature Updates (by AV definition version, date, and/or signature).

 

As always, please take note of the ‘Changes of Behaviors’ section of the release notes (https://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.8.3/Default.htm).

 

The update images have been posted to the support site (Aruba Support site) and the software updates portal.  Posting to MNP and ASP will complete shortly.

 

A big thanks and congratulations to the ClearPass Engineering, ClearPass QA and TechPubs teams for reaching this milestone!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: