Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

OnGuard with MAC Auth Service

This thread has been viewed 5 times

  • 1.  OnGuard with MAC Auth Service

    Posted Sep 11, 2019 01:13 PM

    I am hoping this is an easy one, but I couldn't find any documentation on this. Can posture tokens be used to determine enforcement during a MAC authentication? I have OnGuard configured and it is reporting HEALTHY tokens back to CPPM on the WebAuth OnGuard service, but when that same client hits the MAC auth, their posture is showing as UNKNOWN. I do have the box checked in the enforcement policy to use cached roles and attributes. 



  • 2.  RE: OnGuard with MAC Auth Service

    EMPLOYEE
    Posted Sep 16, 2019 09:25 AM

    It definitely works. I just tested this in my lab for a wireless MAC Auth.

     

    The Enforcment Policy to use is Tips:Posture EQUALS HEALTHY --> Assign a role.

     

    You can also use a COA where you send a role instead of a disconnect in the WEBAUTH itself which is a much better flow and user experience.