Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass OnBoard and IOS 7

This thread has been viewed 0 times

  • 1.  Clearpass OnBoard and IOS 7

    Posted Sep 11, 2013 12:10 PM

    Has there been any validation of the OnBoard process and IOS7 regarding compatibility? I'm preparing in the event of an onslaught.  :)



  • 2.  RE: Clearpass OnBoard and IOS 7

    EMPLOYEE
    Posted Sep 11, 2013 12:29 PM

    It is being tested and validated in engineering. As of today CPPM will not allow you to onboard IOS 7



  • 3.  RE: Clearpass OnBoard and IOS 7

    Posted Sep 11, 2013 02:30 PM

    Hi Special K, we have actively been testing the beta versions of iOS7 and just received the golden build yesterday with the Apple announcement.  We will provide updated information for customers and partners relating to Onboarding for iOS7 very soon so that they are ready to handle the new devices.  Just a note that devices that have already been Onboarded should update to iOS7 and retain their settings as per previous version upgrades.  More to come on this topic.

     

    Carlos



  • 4.  RE: Clearpass OnBoard and IOS 7

    MVP
    Posted Sep 19, 2013 03:53 AM

    Any news on this?

    Dealng with a POC where certificate validity is a week and I'm already having people that can't re-onboard.

     

     



  • 5.  RE: Clearpass OnBoard and IOS 7

    Posted Sep 19, 2013 06:54 PM
    @KoenV wrote:

    Any news on this?

    Dealng with a POC where certificate validity is a week and I'm already having people that can't re-onboard.

     

     

    I think if you have a situation where people need to use their devices, then you should have support policies in place that state what you will and can support within your environment.  We are simply not providing support for iOS 7, and likely will not for atleast a couple of weeks.  It is just too much for our department, and can really cause support issues within the environment.

     

     



  • 6.  RE: Clearpass OnBoard and IOS 7

    EMPLOYEE
    Posted Sep 19, 2013 06:55 PM
      |   view attached

    Just a quick note on this... there is a patch that was released today for CPPM

     

    patch.png

     

     

     

     

     

    A point patch is now available for the following versions of ClearPass:

    • 6.0.2 with cumulative patch 4
    • 6.1.4
    • 6.2.1

    What does this patch do?

     

    This patch adds support for detecting the iOS 7 captive network assistant, which is required in certain circumstances.

     

    Do I need to install the patch?

     

    In particular, if you have a captive portal that is used for onboarding iOS 7 devices, you should install this patch and use the "landing.php" workaround documented in the app note in order to successfully Onboard these devices.

     

    The app note "Apple Captive Network Assistant Bypass with ClearPass Guest" has been updated; see attached.  This can also be downloaded from the support site under ClearPass » Guest » Tech Notes.

     

    How do I install the patch?

     

    The patch is available through ClearPass Policy Manager » Administration » Agents and Software Updates » Software Updates.

     

    It is also being uploaded to the support.arubanetworks.com download site, for those customers without direct access to the Internet or for offline distribution.

     

    What about Amigopod 3.9?

     

    The next maintenance release of Amigopod 3.9 (3.9.9) will also include this patch, for completeness across our entire range of supported products.

     

    Will I need the point patch in future?

     

    The next scheduled monthly patch for ClearPass 6.2 (6.2.2) will include this patch, as will all subsequent versions of ClearPass; this point patch is an interim solution given yesterday's worldwide release of iOS 7.



  • 7.  RE: Clearpass OnBoard and IOS 7

    Posted Sep 23, 2013 05:11 AM

    Hi all,

     

    I read in the AppNote_Apple_Captive_Network_Asst_Bypass_with_CPG.pdf that in amigopod 3.9.9 ios 7 support is implemented.

    en that it is released on 18 sept. but i can not see any update.

    Can some one tell me when 3.9.9 is released

     

    Regard

     

    Peter



  • 8.  RE: Clearpass OnBoard and IOS 7

    EMPLOYEE
    Posted Sep 23, 2013 05:21 AM
    If you look in the section with the QA it states

    " What about Amigopod 3.9?

    The next maintenance release of Amigopod 3.9 (3.9.9) will also include this patch, for completeness across our entire range of supported products."

    I post a note when it is available....


  • 9.  RE: Clearpass OnBoard and IOS 7

    EMPLOYEE
    Posted Sep 25, 2013 07:42 PM

    Amigopos 3.9.9 was released today with the IOS 7 patch. 

     

    All,
     
    The Amigopod 3.9.9 release is now complete and has been published to our various download and update sites.
     
    Issues fixed in the 3.9.9 release:
    • #17753 – Added support for iOS 7 to the Apple Captive Network Assistant bypass feature (landing.php)

    The Aruba Amigopod 3.9 Production Release plugin set has been updated, so all existing customers with a subscription ID for the 3.9 release are now able to update immediately.



  • 10.  RE: Clearpass OnBoard and IOS 7

    Posted Oct 02, 2013 02:00 PM

    I followed the attached documentation and ios7 devices are still hitting getting CNA.  I'm on 6.2.2. 

     

    *Update*

     

    TAC thinks it's a bug.  Whitelisting a few apple URLs in the captive portal profile to get around the issue for now.



  • 11.  RE: Clearpass OnBoard and IOS 7

    EMPLOYEE
    Posted Sep 11, 2013 10:33 PM
    Correct. If your iOS device was already onboarded and backed up to iCloud, then upon an upgrade to iOS 7 and restore, the profiles (and TLS certs) will carryover and just work.

    The above is if you're restoring. A normal upgrade should also work as well.