Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Guest Endpoint cleanup

This thread has been viewed 1 times

  • 1.  Guest Endpoint cleanup

    Posted Apr 18, 2019 04:25 AM

    Hi!

     

    I've set guest account cleanup to 30days after expiry.

    But I just noticed that their endpoints are sill kept in clearpass. I would like to clearnup those and remove them. They are set to status known since we use mac-caching.

     

    But I don't want to remove known endpoints that actually use mac-auth for other stuff and are still active. So I guess I cannot use known endpoint clean up since that would remove also those devices.

     

    I found another forum thread that was using a script and clearpass API for this. 

     

    Is this the only valid solution right now ? Seems like somthing most people would like to do, remove old guest endpoints.



  • 2.  RE: Guest Endpoint cleanup
    Best Answer

    Posted Apr 18, 2019 06:49 AM

    Your assumption is correct as far as I know. There is no option to only remove "known guest endpoints" in ClearPass. Creating a script to filter endpoints with the Guest ID attribute (write the ID to endpoint db) and remove those endpoints, is a valid scenario (for now).

     



  • 3.  RE: Guest Endpoint cleanup

    Posted Apr 18, 2019 06:55 AM

    ok, thanks just wanted to verify. Will write a script to do this.