Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Restrict non-company issued smart devices

This thread has been viewed 0 times

  • 1.  Restrict non-company issued smart devices

    Posted Jun 19, 2015 02:27 PM

    We use Clearpass (for RADIUS auth and Guest access) with Aruba controllers.  We use Airwatch to provision company-issued phones.  Is there anyway we can not allow "personal" devices on the network even if the person has domain creds?  We tested onboarding, however, that would require a separate SSID for laptops because the laptops connect (automatically) via machine/user auth and the computers are part of our domain.  Smart devices are not.



  • 2.  RE: Restrict non-company issued smart devices

    EMPLOYEE
    Posted Jun 19, 2015 02:30 PM

    endpoint-corp.PNG



  • 3.  RE: Restrict non-company issued smart devices

    Posted Jun 19, 2015 02:32 PM

    not sure I fully understand



  • 4.  RE: Restrict non-company issued smart devices

    EMPLOYEE
    Posted Jun 19, 2015 03:04 PM

    Did you add Airwatch to the list of External Context Servers in CPPM? There should be a tech note on MDM integration that can help you with this and/or check out the ClearPass Exchange Recipes.

     

    Once you do this, the Ownership field will be updated in the endpoints repository for endpoints registered in Airwatch.



  • 5.  RE: Restrict non-company issued smart devices

    Posted Jun 19, 2015 03:52 PM

    no I havent added Airwatch to the list of context servers.



  • 6.  RE: Restrict non-company issued smart devices

    EMPLOYEE
    Posted Jun 19, 2015 03:54 PM
    You'll need to setup the MDM integration before you can use the AirWatch
    attributes.