Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass 5K Appliance

This thread has been viewed 2 times

  • 1.  Clearpass 5K Appliance

    Posted Apr 17, 2014 11:40 AM

    Hi,

     

    The customer I'm visiting next week has purchased the 5k appliance. This is a first for me, as every other customer I've seen over the last couple of years has gone for the VA version.

     

    So this got me thinking I should download the lastest patches/updates etc for it just to be safe. And I should probably get the ISO to rebuild it "just in case".

     

    I've just browsed around all the Clearpass download areas, and I can only see the VM/VAs and an OVF for eval purposes...

     

    Capture1.PNG

     

    So, if there's no ISO, what do you rebuild the appliance from if it's trashed? Do you just ESXi host build it, and install the 5K VA on top?

     

    Moving on from that thought, are the upgrades and patches (for VAs normally) that are there suitable for the appliance (including the OpenSSL fix)? For example, assuming the appliance has shipped with 6.1 or 6.2, can I apply the following upgrade/patch files in order?

     

    CPPM-x86_64-6.3.0.60537-upgrade.zip.signed

    CPPM-x86_64-20140217-clearpass-6.3-updates-1-patch.zip.signed

    CPPM-x86_64-20140408-631-openssl-fix-patch.zip.signed

     

    Any hints/tips appreciated.



  • 2.  RE: Clearpass 5K Appliance

    Posted Apr 17, 2014 11:47 AM

     

    If you have access to the internet and the subscription ID you should be able to download that way but you could use this one :
    2014-04-17 11_42_47-Clearpass 5K Appliance - Airheads Community.png

     

    Moving on from that thought, are the upgrades and patches (for VAs normally) that are there suitable for the appliance (including the OpenSSL fix)? For example, assuming the appliance has shipped with 6.1 or 6.2, can I apply the following upgrade/patch files in order?

     

    CPPM-x86_64-6.3.0.60537-upgrade.zip.signed

    CPPM-x86_64-20140217-clearpass-6.3-updates-1-patch.zip.signed

    CPPM-x86_64-20140408-631-openssl-fix-patch.zip.signed

     

    Yes



  • 3.  RE: Clearpass 5K Appliance

    Posted Apr 17, 2014 11:51 AM

    Thanks Victor, top man regarding the patches.

     

    Just to be clear on the first point, I'm going to assume the customer "can't find" the subscription IDs next week (usually an email hunt involved). So, am I right regarding needing to build ESXi on the host appliance first (if it comes to it)? And if I do, what version is preferred? 5? 6? I've got a few discs in the garage.

     



  • 4.  RE: Clearpass 5K Appliance

    Posted Apr 17, 2014 12:20 PM

     So, am I right regarding needing to build ESXi on the host appliance first (if it comes to it)? And if I do, what version is preferred? 5? 6? I've got a few discs in the garage.

     

    No need to do that.



  • 5.  RE: Clearpass 5K Appliance

    Posted Apr 17, 2014 12:32 PM

    Ok.

     

    But if the appliance OS is corrupt, how would I rebuild it using the VA 5k zip download?

     

    The zip only contains an OVF, which you can't image a physical host appliance from to my knowledge (you'd need an ISO or similar).

     

    Am I confused?

     



  • 6.  RE: Clearpass 5K Appliance
    Best Answer

    EMPLOYEE
    Posted Apr 17, 2014 12:35 PM
    You need to open a TAC case. You can not re image an appliance. It does not run on vm.


  • 7.  RE: Clearpass 5K Appliance

    Posted Apr 17, 2014 12:37 PM

    Really?

     

    That's interesting. I'll bear that in mind then.

     

    Thanks.