Security

last person joined: 2 days ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass / JAMF / macOS (Centrified)

This thread has been viewed 23 times

  • 1.  Clearpass / JAMF / macOS (Centrified)

    Posted Apr 29, 2018 09:48 PM

    Hey All,

    I am new to the forum and looking for some support if possible.

    We have a Combination of technologies which I am trying to get to play nice. The Infrastructure is a combination of Cisco Meraki APs, Palo Alto Firewall & Clearpass CPPM 6.7.2.

    We have a mixed Environment of Windows & macOS.
    The CPPM was setup by a third party who has been of no help in regards to our environment.

    Currently I have a secondary SSID Configured to talk to a NAP Server running locally and basically we bypass all CPPM functions.
    I would like to have the macOS Devices function correctly on the CPPM Environment.

     

    I have tried the guide on configuring JAMF w/ CPPM SCEP, but the profile fails and doesn't seem to be updated for the latest JAMF Pro Version (Or atleast what I can find).

    Student Network - VLAN201
    Staff Network - VLAN202

    IT Network - VLAN105

    Goal is to have all the devices function on a single SSID and their Network Access Determined with AD Groups.

    Staff Machines are AD Joined.
    Student Devices are BYOD.

    While the system 'works'. there are some issues.
    iPhones refuse to connect, and when they do the credentials are not parsed correctly to the Palo Alto.

    All Windows Machines function fine. macOS Devices do not, I believe this is due to us not using the inbuilt AD mechanisms.

    CPPM is Pulling all data from the JAMF Server via its Context Endpoint Configuration.

    If anyone can help me resolve this, I would be greatful.

    Regards,

    Nathan



  • 2.  RE: Clearpass / JAMF / macOS (Centrified)

    Posted Jun 05, 2020 10:55 AM

    Did you ever get this working?  I am dealing with the same thing - trying to find a starting point.



  • 3.  RE: Clearpass / JAMF / macOS (Centrified)

    Posted Jun 06, 2020 02:15 AM

    Hi lsimanek,

     

    Can you layout your specific of your environment and lets see if we can help you solve the issue your facing?

     



  • 4.  RE: Clearpass / JAMF / macOS (Centrified)

    Posted Jun 08, 2020 10:41 AM
    We are implementing 802.1x authentication/mac authentication - so we have
    windows machines working where they are domain computers and AD users. But
    I need to be able to have apple computers verified as company computers and
    users. Looking for whitepaper on getting Jamf to interact with Clearpass
    so I can verify the apple computer is a company computer.

    *Larry Simanek*
    *Systems Network Analyst *
    *619-644-8263*
    Grossmont Union High School District

    SAVE TIME TRY OUT NEW HELP DOCUMENTATION


  • 5.  RE: Clearpass / JAMF / macOS (Centrified)

    Posted Jun 08, 2020 03:58 PM

    Hi Larry,

     

    Your request is as simple as it comes :). You can leverage the ClearPass & JAMF Pro integration to validate if apple devices are enrolled and are under management of your JAMF Pro tenant. You can extend that to ensure they are also in compliance as per your defined compliance policy + other things.

     

    Now, today the only integration we have is to use the Context-Server pre-defined in CPPM, we're about to release a new JAMF Pro integration option enabled as a ClearPass Extension that will offer some additional capabilities, from your need above the inbuilt Context_Server we've had around for ~7-years will enable the needs you defined.