Security

Reply
Moderator

Re: Enable OnGuard Agent Auto Installation

1) Why are you running 6.6.0? You should be on either 6.6.10 or 6.7.5

2) Did you allow 443 and 6658 in your quarantine role?

3) Why are you doing posture on guest users?

4) Did you enable posture cache in your enforcement policy?

 

I'd recommend you work with your Aruba ClearPass partner to deploy OnGuard. It can be a bit complex without prior experience.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
MVP Expert

Re: Enable OnGuard Agent Auto Installation

Hi Tim,

 

1) Though is not the solution for the issue I am trying to solve, I am planning that upgrade in a few days.

2) I am not using the quarantine role yet, I will use it later.

3) I am not doing posture on guest users, it is for corporate users.

4) Yes.

 

I will spend more time on this, but I think to solve this issue I have to modify my guest role in my IAP, allow external captive portal and restricted access to ClearPass.

 

Thanks for your help,

Julián

Highlighted
Frequent Contributor I

Re: Enable OnGuard Agent Auto Installation

Hi

Did you make any progress on this? In my setup I can redirect the client to the cppm web page where I have put the links to download the agent, but only if I use 'Radius authentication' as portal type in Instant. 'Authentication text' doesn't redirect anything. 

Also, as the captive portal rule is at the top in the 'unknown' role, all http(s) is always redirected to the web page as long as the device is unknown. Unfortunatly it will remain unknown as it cannot connect to the Clearpass server on the Onguard port. 

Maybe if we set an endpoint attribute when the device has the unknown health state, so that the second time the client connects, it is put in a quarantine role (based on that attribute and assuming that the agent has been downloaded) so that the agent can connect to Clearpass. 

Rgds

Peter

 

 

ACMX, ACDX, ACCP, MASE
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: