Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass endpoint profile expiry?

This thread has been viewed 1 times

  • 1.  ClearPass endpoint profile expiry?

    Posted Oct 14, 2019 10:20 AM

    I'm finding that some endpoints on our network profile fine when initially switched on, but if left powered on for a long time (roughly 5 days?) seem to drop back to not profiled. Is this expected behaviour? I understand the profiler uses DHCP discovers as one method of identifying the device, and I could understand that perhaps devices with long leases might not DHCP discover very often and thus might not get profiled very often. What I can't seem to find documented is in what circumstances an already profiled device will go back to not profiled or any settings to adjust that.



  • 2.  RE: ClearPass endpoint profile expiry?

    Posted Oct 14, 2019 03:37 PM

    Are you marking these endpoint as known?

     

    Maybe there is endpoint cleanup configured, that causes the endpoints to be deleted. Please check it under Cluster-Wide Parameters > Cleanup Intervals 

     

     



  • 3.  RE: ClearPass endpoint profile expiry?

    Posted Oct 15, 2019 08:20 AM

    The endpoints are marked as known, and additionally the cleanup interval for profiled unknown endpoints is set to 60 days so I don't believe that should be happening.

     

    I guess the easy way to prove this is to put something in the description/attributes and see if it's still there once the endpoint goes back to not profiled.