Security

Reply
Occasional Contributor II

Clearpass DUR ACL inbound configuration

Hi guys,

 

hoping to get some help with this. We are getting ready to enforce our clients in the next month and came up with an issue yesterday as far as the remediation process. Here's a quick explanation.

 

We have the Onguard Agent installed and posturing wired/wireless devices. Currently, they are installed and not doing anything(no actual quarantine). We created our DACL and DUR(Cisco and Aruba switching) to push down an access list once a device is into Quarantine. Basically, it will be allowed to reach SCCM(in case quarantine was caused by missing critical patches) or our antivirus software(in case the service is not running). Some of this can be remediated automatically, but a lot of the time, we were planning on using a jump server(isolated) which would be allowed inbound to the affected device. From our testing so far, since the ACL's seem to be standard only(not extended with an IN and OUT), we can determine what the affected device has access to outbound, but we can't seem to figure out how to allow our JUMP server to have access inbound. 

 

Is this possible from the DUR or DACL push down or do we have to look at other options? I'm just wondering if anybody else out there is using a similar type of approach where the device gets very limited access, but on the flip side, a regular device(determined) can have RDP access to that device(we use a lot of RDP/Remote assistance for remote remediation.

 

If I am not making myself clear, let me know and I can maybe expand and give a modfied version of our current ACL.

 

Thanks alot,

 

Ben
 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: