Security

Hi, with Clearpass Entry license, profiling shouldn't be available. However, I've installed a CPPM with Entry license and I see the endpoints getting profiled and it's even possible to use profiling in services. Is this a functionaltiy that is yet to be dropped in a new sw version? I would like to know what endpoint attributes we would be able to use in the policy rules.

True, entry should not allow TACACs, profiling, or 3rd party integration. Do you have some evaluation/demo licenses still active? 

I also suppose you are at least on version 6.8 ?

Yes, v 6.8. It's an Entry evaluation license. I have to make a services design, but I don't know which attributes will be available with Entry. That's why I installed this eval on a new test server. But I don't see any difference with Access licenses at the moment.

Do you have any other licenses active on the server? Is it using an Access license? Is this server part of a cluster that has Access licensing?

Hi, no it's a new standalone eval server (VM) with only an eval platform license and eval Entry license.

Did you already install an Entry-licensed CPPM? I'd like to see how the endpoint entries look like and what is available for policy rules.

Did anyone actually install an Entry-licensed CPPM?

I have. And it works as advertised. You will get low level system profile information, but no full profiling. TACACS is not available, and I was not able to add an external context server. 

Maybe re-install the VM, and migrate the licenses over to it?

Also make sure to double check that you do not have any type of evaluation licenses installed when you begin testing.

Ah ok nice. I installed a fresh CPPM with Entry eval only. Maybe eval Entry license are more like Access Licenses.

How do the endpoint entries look like? Do they have less fields or are the simply not fingerprinted automatically?

The endpoints are not profiled, and will have basic information. See the attached images for what my iPad looks like, even with profiling configured correctly.

Thx Dustin. That's helpful info. I can confirm that with the eval version at this moment al functions are available, even without access or entry licenses. Apparently 100 access licenses are included with the eval platform key.

And also to your last comment, the Entry licenses are like a basic version of Access licenses. There is also a special part number to upgrade from entry to access licenses.