Security

last person joined: 21 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass Guest Queries

This thread has been viewed 1 times

  • 1.  Clearpass Guest Queries

    Posted Jul 17, 2012 01:13 PM

    HI Guys,

     

    Need your help on these queries:

     

    1) With the Guest Sponsor Workflow, the sponsor will receive an email after the Guest has self-registered. To approve, does the Sponsor requires a login account to the CP-Guest Server? Or can it be approved by anyone by clicking on the link?

     

     

    2) With the latest version till date, are we able to set the expiry dates for the Guest during the approval process?

     

     

    3) How will the licensing be when I have 2x CPPM in a cluster with it's relevent modules?

     

     

    Thank you!



  • 2.  RE: Clearpass Guest Queries

    Posted Jul 17, 2012 05:32 PM

    I can answer two out of three for you.  I will need to check into Question # 2 for you.

     

    For Question 1 - You don't need operator on ClearPass Guest (CPG).  All the approver need do is click a link.

     

    For Question 3 - Here is an explanation of how licensing works on CPG.

     

    • Licenses based on the number of unique authenticating endpoints (devices) per day
    • This is averaged across a 7 day period to take into account normal peaks and valleys to determine whether or not you are exceeding your limit.
    • If you exceed your limit you will get a warning in the WebUI
    • If it was an abnormal week, nothing will happen and that warning will disappear.
    • If you exceed your license count for 4 out of 6 months, you will be locked out of the WebUI until you resolve the issue
    • At no point will we disable the system from authenticating users if you exceed the license limit.

    Hope that helps.



  • 3.  RE: Clearpass Guest Queries

    Posted Jul 18, 2012 11:11 AM
    Hi Tarinelli, Thanks for the info. For Question 1 - Can we have a operator to approve in the workflow? For Question 3 - Thanks for the detailed reply. How will they work in a clustered deployment? Are the licenses shared/distributed amongst the cluster? Or each server have to carry the total user licenses? Thanks Bro. Appreciate your help.


  • 4.  RE: Clearpass Guest Queries

    Posted Jul 19, 2012 04:22 PM

    Yes.  you can direct the approval email to an operator rather than the employee hosting your guest.  Its up to you.  Licenses are shared across the cluster.



  • 5.  RE: Clearpass Guest Queries

    Posted Apr 05, 2013 09:44 AM

    Hi tarinelli, with regards to your comments:

     

    • Licenses based on the number of unique authenticating endpoints (devices) per day
    • This is averaged across a 7 day period to take into account normal peaks and valleys to determine whether or not you are exceeding your limit.
    • If you exceed your limit you will get a warning in the WebUI
    • If it was an abnormal week, nothing will happen and that warning will disappear.
    • If you exceed your license count for 4 out of 6 months, you will be locked out of the WebUI until you resolve the issue
    • At no point will we disable the system from authenticating users if you exceed the license limit.

     

    In which Aruba document is this stipulated? I need to show an official document to a customer.



  • 6.  RE: Clearpass Guest Queries

    EMPLOYEE
    Posted Apr 05, 2013 10:01 AM
    @DylanH wrote:

    Hi tarinelli, with regards to your comments:

     

    • Licenses based on the number of unique authenticating endpoints (devices) per day
    • This is averaged across a 7 day period to take into account normal peaks and valleys to determine whether or not you are exceeding your limit.
    • If you exceed your limit you will get a warning in the WebUI
    • If it was an abnormal week, nothing will happen and that warning will disappear.
    • If you exceed your license count for 4 out of 6 months, you will be locked out of the WebUI until you resolve the issue
    • At no point will we disable the system from authenticating users if you exceed the license limit.

     

    In which Aruba document is this stipulated? I need to show an official document to a customer.

    DylanH,

     

    Not sure this will be in a document.  I would suggest you hook up with your local Aruba SE or Sales team to get clarification.

     



  • 7.  RE: Clearpass Guest Queries

    EMPLOYEE
    Posted Apr 10, 2013 09:40 AM

    To clarify the answer to question 1, the requirement of operator logins is optional.  We recommend you DO require credentials, but you are free not to.  Either way, check the manual for IsValidEmail and set the appropriate whitelist / blacklist for email domains on the sponsor_email field. 

     

    There are no expiration options at approval time, no.  You can setup a default short-term expiration in the registration form itself, and then extend this, with a fixed value, on approval.  You cannot individually set a value though.  In scenarios where you have a couple distinct sets of visitors (say Guests and Contractors), we recommend setting up multiple self-registrations with the expiration times set, and then add links on the landing page for them to choose.  It would be on the sponsor to sanity check who they are sponsoring.