Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass question about VIP/FQDN

This thread has been viewed 5 times

  • 1.  Clearpass question about VIP/FQDN

    Posted Nov 11, 2019 02:56 AM

    Hi all,

     

    Just a few quick questions.

     

    1. When im using a VIP address, Is it still best practice to point to each node ip in de switch as radius server and iphelper for profiling?

     

    2. When using a cluster, i want to use FQDN as the CN in my certificate. Do i need to get the FQDN the same on all nodes on the cluster or is there a special config for a "cluster FQDN"?

     

    Thank you



  • 2.  RE: Clearpass question about VIP/FQDN
    Best Answer

    Posted Nov 11, 2019 03:41 AM

    Hello, 

     

     

    1. Yes, you should configure your NADs to point each individuals ClearPass servers. VIP is good to for captive portal workflow. Please see : https://community.arubanetworks.com/t5/Security/ClearPass-Cluster-with-VIP-or-not/td-p/299261

     

    2. I would advice to use a common CN for RADIUS Certificate like radius-clearpass.domain.tld and install this certificate on each cppm. 

     

    For HTTPS certificate, you can create one for each clearpass using the fqdn as the CN : fqdn1.domain.tld for cppm1, fqdn2.domain.tld for cppm2, etc. 

     


    Cheers