Security

Dear Community,

 

Our customer doesn't want to set dns-server IP in ClearPass, because they separate the CP's VM in their network and they won't let the CP access to the DNS-server. They would like to edit the host file instead. Is it possible?

Thank you for your answer in advance!

 

I am pretty certain that all access to ClearPass OS system files requires A support case and I am not sure they would support manual edits to the hosts file. When we configure a ClearPass box for a guest network we will usually use DNS proxy (goes by many names depending on the FW manufacturer) to respond with the internal/DMZ addresses where needed and forward the rest out to a public DNS.

---

@Zsomi wrote:

Dear Community,

 

Our customer doesn't want to set dns-server IP in ClearPass, because they separate the CP's VM in their network and they won't let the CP access to the DNS-server. They would like to edit the host file instead. Is it possible?

Thank you for your answer in advance!

 

---

The short answer is No.  CP should be on the side of the "firewall" that allows it to access DNS as well as domain controllers, because if you use 802.1x DNS will be used to discover domain controllers for authentication.  If your clearpass box cannot access DNS, please re-consider how you are designing your network.

Dear cjoseph,

 

Thank you for your reply. We also suggested to use DNS-server, but they wanted to know is it possible to edit the hostfile. Thank you again.