Security

guys i have an issue with cppm captive portal , that while register to page i can reach cppm page as https !! i tried to restrict vlans from cppm and it worked but after login not in register .

i want to prevent guests from reaching cppm page can anyone help me ?!

Can you share the output of "show rights <role>" for the role that should not access https to the cppm admin page?

If your using guest-logon controls, you will be able to get to clearpass, which will all the user to also get to the Policy Manager, and other services. If you want to block access for guests, you need to configure server access rules. When your in Policy Manager, browse to administration -> Server Manager -> Server Confguration. Click on the server. Navigate to the Network tab, and you will be able to click on Restrict Access under Application Control. Here you cna whitelist sunets that should be allowed to get to these. See screenshot: 

i did it already but still guest can reach cppm on captive portal page !!

I'm not sure I am understanding your current issue. Are you saying that after the guests register/login and they are now in the authenticated guest role, they are getting to cppm? Or are you talking about the pre-authenticated role or guest-login?

hey ,

my issue is when guest try to connect ssid for guest users he needs a user name and password at this stage he can reach cppm page!! with out put any us or ps he is already open cppm.

how can i solve this issue , i tried to make restriction from iap(vc) from network-based and roles and prevention subnets from clearpass , all of this worked but after guest log in to network before that he obtained an ip just to reach captive portal , but he also reach to cppm page . i dunno who!!

thanks i solved it with a help from your reply