Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Host user agent string question

This thread has been viewed 5 times

  • 1.  Host user agent string question

    Posted Apr 28, 2020 05:59 AM

    I've got our controller/cppm set up to look at host user agent strings specifically to check for WindowsNT=10.0. Does clearpass concatenate anything it sees in a host user agent string ? e.g. cppm says the attached image is a windows machine ... but we have a fingerprint clash between being a windows machine or a linux machine. Fingerprint tab attached .... seem to be some strange "non windows" entries there

     

    Rgds

    Alex

    Screenshot 2020-04-28 10.16.19.png



  • 2.  RE: Host user agent string question

    EMPLOYEE
    Posted Apr 28, 2020 08:03 AM

    How are you getting the user agent info into CPPM?  Is this device opening a browser and interacting with the CPPM box?  Is this user agent info  also being sent from a controller to CPPM using ifmap?

     

     



  • 3.  RE: Host user agent string question

    Posted Apr 28, 2020 09:08 AM
    ifmap on the controller


  • 4.  RE: Host user agent string question
    Best Answer

    EMPLOYEE
    Posted Apr 28, 2020 09:14 AM

    This looks at all applications that would communicate over port 80 and just aggregates all of the user strings and sends it to ClearPass.  It could be an application that uses port 80 on the device that presents itself through the  user agent as a Linux device as well.