Security

Contributor I

Clearpass Service Monitor Mode

(Not really a security-related question, but it's one of the few groups that actually include Clearpass and Clearpass-related questions... Where should general Clearpass questions go?)

Can someone please explain how Monitor Mode is supposed to work when creating a new Clearpass Service?

 

Docs say: 

 

Optionally check the Enable to monitor network access without enforcement to allow authentication and health validation exchanges to take place between endpoint and Policy Manager, but without enforcement.

In Monitor Mode, no enforcement profiles (and associated attributes) are sent to the network device.

 

 

Since the Services are top-down, similar to a firewall, if a service is put in place in monitor mode, does it not flow through to the next service? Because it does not appear to do so.

 

I put a new service into Monitor mode and enabled it expecting it to hit that service, log it (to be able to check on via Access Tracker), but pass through to the next Service which is the current, working service. It did not work this way.

 

It seems that it hit my test service, logged it, and stopped, never passing through to the next Service. It ended up causing access failures for many people since the next Service was never hit/reached.

 

Is this expected behavior? It was NOT what I was expecting. (What is the point of Monitor Mode if it breaks things?)

Guru Elite

Re: Clearpass Service Monitor Mode

If the request matches the service, it will use that service and not continue to other services. This is not unique to monitor mode and is how the product works. Monitor mode simply means that instead of returning back full policy, only an access accept is sent.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
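
A simplified model of the first-match behaviour described in the reply above, as an added example that is not part of the original posts and is not ClearPass code. The service names, match attributes, the `role` attribute and the reject-on-no-match outcome are constructed assumptions, and authentication is assumed to succeed.

```python
from dataclasses import dataclass, field

@dataclass
class Service:
    name: str
    rules: dict                      # attribute -> required value; all must match
    enforcement: dict = field(default_factory=dict)
    monitor_mode: bool = False

    def matches(self, request):
        return all(request.get(k) == v for k, v in self.rules.items())

def select_service(services, request):
    """Top-down evaluation: the first matching service wins, the rest are never tried."""
    return next((s for s in services if s.matches(request)), None)

def respond(services, request):
    """Return (service name, RADIUS result, attributes sent to the network device)."""
    svc = select_service(services, request)
    if svc is None:
        return (None, "Access-Reject", {})  # assumption of this model
    # Monitor mode: accept, but send no enforcement profile attributes.
    return (svc.name, "Access-Accept", {} if svc.monitor_mode else dict(svc.enforcement))

def shadowed(before, after, requests):
    """List requests that the new ordering hands to a different service."""
    moved = []
    for r in requests:
        old, new = select_service(before, r), select_service(after, r)
        if old is not new:
            moved.append((r["user"], old.name if old else None, new.name if new else None))
    return moved

# Constructed sample data: the test service has the same match rules as production.
PROD = Service("corp-dot1x", {"nas_port_type": "Wireless-802.11"}, {"role": "employee"})
TEST = Service("test-monitor", {"nas_port_type": "Wireless-802.11"}, monitor_mode=True)
REQUESTS = [{"user": "alice", "nas_port_type": "Wireless-802.11"},
            {"user": "bob", "nas_port_type": "Ethernet"}]
BEFORE, AFTER = [PROD], [TEST, PROD]

if __name__ == "__main__":
    for r in REQUESTS:
        print(r["user"], respond(BEFORE, r), "->", respond(AFTER, r))
    print("shadowed:", shadowed(BEFORE, AFTER, REQUESTS))
```

Running `shadowed` against a sample of real request attributes before enabling a new service shows which requests it would take away from the service that currently handles them.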
Contributor I

Re: Clearpass Service Monitor Mode

Thanks for the quick answer...

 

But I guess I'm being shortsighted then. So when and why would you use Monitor Mode? I'm missing how it should be used. What circumstances does it work for?

 

And it would be nice if this type of feature existed. Put a Service in place but have it pass through while still logging. You could then test out a Service... rather easily.

Guru Elite

Re: Clearpass Service Monitor Mode

It’s for when you’re not ready to deploy policy, but want to see requests in real time to assist you in building policy without affecting end users.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |
