Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

cppm wired and wireless posture config

This thread has been viewed 0 times

  • 1.  cppm wired and wireless posture config

    Posted Sep 01, 2014 06:10 PM

    hi,

     

    i have cppm , i have configured wrilessservice with posture for employee,

    and we want to configure wired service with posture,,

     

     have already created posture policy and profiles for them, and its work good with wireless service,

     

    what am asking,, do i have to create another posture policy for wired service also,

     

    for wired i have created mac auth service and wired service ,under wired service i have create policy with rules to check if the tips equal to user auth and if tips equla to mac auth, and to chech if the user equal to healthy,,

     

    can i use the same posture service, of wirless? did the posture service which i have created  enough?

     

    thanks



  • 2.  RE: cppm wired and wireless posture config

    EMPLOYEE
    Posted Sep 01, 2014 06:13 PM

    You can use the same posture policy, you just might want to use a separate enforcement policy if you use different roles and VLANs on the wired side.



  • 3.  RE: cppm wired and wireless posture config

    Posted Sep 01, 2014 07:52 PM

    i have already created another policy for and am using Dacl cisco switch,

     

    for healthy and unhealthystatus should i add  Dacl profile , or only for healthy status



  • 4.  RE: cppm wired and wireless posture config

    EMPLOYEE
    Posted Sep 01, 2014 07:54 PM
    If you want to treat the unhealthy clients differently, then you'll need an unhealthy enforcement profile.


  • 5.  RE: cppm wired and wireless posture config

    Posted Sep 01, 2014 08:00 PM

    i have already created healthy profille (full access) and unhealthy profile(limited acces)

     

     

    i just confused when i i sgin let say full acccess prfile for a rule should i add Dacl profile also with full access profile (the 2 profiles)

     

    and should i sagin limited access profile with Dacl profile to another rule?

     

     

    or should i add Dacl profile to the rule which check if its healthy?

     



  • 6.  RE: cppm wired and wireless posture config

    Posted Sep 01, 2014 08:01 PM

    where should i add Dacl cisco profile???



  • 7.  RE: cppm wired and wireless posture config

    EMPLOYEE
    Posted Sep 01, 2014 08:03 PM
    In your wired enforcement policy. Check for tips posture status unhealthy.


  • 8.  RE: cppm wired and wireless posture config

    Posted Sep 01, 2014 08:08 PM

    /thankssss,

     

     

    i have 4 services

    wireless service

    posture service

    wired service

    mac auth service

     

    is that right way or orderin services?



  • 9.  RE: cppm wired and wireless posture config

    Posted Sep 02, 2014 05:06 AM

    that is dificult to say without knowing their matching configuration. in principle the order is fine if  the correct services are hit, but you will have to look at that yourself.