Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass rules combined or split?

This thread has been viewed 0 times

  • 1.  ClearPass rules combined or split?

    Posted Feb 19, 2017 06:54 AM

    I was at recent event and a discussion came up about clearpass deployments.

     

    Some say for better proformance you should combine your clearpass service rules e.g. mac auth/social into one rule, others say you should split them out as it makes it easier to troubleshoot.

     

    What is the community view?

     



  • 2.  RE: ClearPass rules combined or split?

    Posted Feb 19, 2017 08:39 AM

    My personal preference is to combine as much as possible in one service. But I make a distinction between wired, wireless and management services. 

     

    And I use "dividers" to order the services in a more readable way.

    services.png



  • 3.  RE: ClearPass rules combined or split?

    EMPLOYEE
    Posted Feb 19, 2017 09:57 AM
    There's not a one size fits all answer. Literally every ClearPass deployment is different in some way.


  • 4.  RE: ClearPass rules combined or split?

    Posted Feb 20, 2017 03:12 AM

    Tim, this is true no clearpass is same, i have deployed multiple CPPMs of varing sizes and none are them same.

     

    It does bring up the point, however there is no clear, best practice guide on deployments.