Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

clearpass - Policy cache timeout

  • 1.  clearpass - Policy cache timeout

    Posted Mar 25, 2016 03:16 AM

    I would like to understand how the Policy cache timeout in server parameters comes into play.

     

    I want to implement it in such a way that webauth is sent only when there is a change in ClearPass OnGuard posture status.

    If I set the policy cache timeout value to 24 hours, the client gets the healthy enforcement profile and the endpoint will be updated with the policy cache for 24 hours.

    Now my question is: suppose, during an active session, the health status becomes quarantine or unknown. Will the client trigger another web auth session to get the quarantine enforcement profile?

     

    Eventually I want to achieve that webauth is sent only when there is a change in ClearPass OnGuard posture status. That is, if a user authenticated in the morning, reauthentication should not occur unless there is a posture change.



  • 2.  RE: clearpass - Policy cache timeout

    Posted Mar 25, 2016 08:01 AM
    Now my question is: suppose, during an active session, the health status becomes quarantine or unknown. Will the client trigger another web auth session to get the quarantine enforcement profile?
    Yes

    The agent backend service should be able to detect the change and send a posture status to CPPM




  • 3.  RE: clearpass - Policy cache timeout

    Posted Mar 25, 2016 08:09 AM

    Thank you!

     

    Can I have more clarification? What will happen if I set the policy cache value to 5 mins and policy cache value to 12 hours?

     

    What does this timeout value actually do?


    @Victor Fabian wrote:
    Now my question is: suppose, during an active session, the health status becomes quarantine or unknown. Will the client trigger another web auth session to get the quarantine enforcement profile?
    Yes

    The agent backend service should be able to detect the change and send a posture status to CPPM







  • 4.  RE: clearpass - Policy cache timeout
    Best Answer

    Posted Mar 25, 2016 08:22 AM
    Can I have more clarification? What will happen if I set the policy cache value to 5 mins and policy cache value to 12 hours?

    What does this timeout value actually do?

    If a device obtained a healthy posture and got access to the network, then in a roaming event (if the agent communication with the server is uninterrupted) the device will be able to rejoin the network without having to run a health check again and get a bounce or CoA (using the cached posture for 12 hours).
