Security

Reply
Occasional Contributor I

Re: ClearPass and posture policy

So if I understand correctly,  after the client hits the portal and installs the agent will the client then do the health check against the "Web Health Check" service and then finally another COA  to get back to 802.1x service?

MVP Guru

Re: ClearPass and posture policy

That's correct you can either use Aruba terminate session or Agent bounce and at that point the device will go thru the 1X service again and be place in the right role/Access based on the return posture received after the health check
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I

Re: ClearPass and posture policy

Thanks for your response Cappalli !

Contributor II

Re: ClearPass and posture policy

Thjis is a real irritant.  It is not in the documentation.  I have been using clearpass for 2 years and am trying to get OnGuard setup and it just won't have any of it.  Now I see it's because I am using  Aruba 802.1X Wireless as my Type. 

 

This is from having an Aruba Certified Engineer set it up originally.  So now I find out I cannot use the full functionality of this device because he set it up wrong.  WONDERFUL!!!!

Guru Elite

Re: ClearPass and posture policy

Can you provide a bit more information? What would you like help with?

 

From what you wrote, I'm assuming you are not currently using OnGuard but would like to set it up or is it already setup and not working correctly?


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor II

Re: ClearPass and posture policy

I would like to turn on Posture Policies.  I followed the documentation, it was simple.  I created 2 policies, one for Student Windows the other for Student Mac BYOD.  When I saved them and went back to Service they were not there. 

Guru Elite

Re: ClearPass and posture policy

That is only step 1 for setting up posture checks. Do you use an Aruba partner? Onguard can be complex to setup if you have not used it before.

 

At a high level:

 

- You need to create a WEBAUTH service with posture enabled that returns certain actions based on TIPS:Posture results

- You need to allow cached posture results in your authentication service(s)

- You need to write enforcement rules that check TIPS:Posture status and return the appropriate role and/or restrictions.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: ClearPass and posture policy

Hello, I have 2 questions:

1.A customer has legacy infrastructure that doesn’t support 802.1x protocol and he wants to implement clearpass in his network to secure the access; what is your offer to him?

2.Which protocol is used by the clearpass Onguard permanent agent to communicate with the policy manager?

your help is appreciated!

 

Guru Elite

Re: ClearPass and posture policy

Please create new threads for new topics in the future.

 

1) ClearPass supports a wide range of authentication technologies including MAC authentication, web authentication and SNMP-based enforcement (OnConnect)

2) It's a proprietary protocol that uses TCP port 6658


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: ClearPass and posture policy

Okey, thank you for your response!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: