Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Subscriber out of sync and OnBoard taking a long time.

This thread has been viewed 1 times

  • 1.  Subscriber out of sync and OnBoard taking a long time.

    Posted Feb 28, 2017 12:06 PM

    I am working with a client who has a Publisher Clearpass node on the west coast of the US, and a subscriber node in Mumbai. The subscriber node never reports that the publisher is down, but it IS usually out of sync by about 2-5 hours. In addition to this, OnBoarding via users in Mumbai often takes upwards of 1-2 hours to actually be pushed device certificates. Is there a set of steps we can work on to best determine what is causing this issue? If it's simply a slow communication between the two devices, what would be the best way to diagnose where the slowdown is actually occuring so we can attempt to remediate?



  • 2.  RE: Subscriber out of sync and OnBoard taking a long time.

    Posted Feb 28, 2017 03:09 PM
    What's the round trip delay between the two nodes?


    Get Outlook for iOS


  • 3.  RE: Subscriber out of sync and OnBoard taking a long time.

    Posted Mar 02, 2017 01:42 PM

    I just asked my consultant who is on site and he said "WAY over the the max time that is needed between a pub and sub"

     

    So I'm assuming the only resolution in this case would be to break the Pub/Sub relationship, and have the Sub be it's own CA locally? Or have them upgrade their WAN?



  • 4.  RE: Subscriber out of sync and OnBoard taking a long time.

    Posted Feb 28, 2017 03:09 PM
    What's the round trip delay between the two nodes?


    Get Outlook for iOS